Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM26B64E5813DC06054154222E04107FBF657114A1D607F6C86B1292EE5F26FDEA
HistoryOct 31, 2018 - 3:05 p.m.

Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console shipped with Jazz for Service Management (CVE-2018-1770)

2018-10-3115:05:01
www.ibm.com
8

0.007 Low

EPSS

Percentile

81.0%

JSON

Summary

There is a potential directory traversal vulnerability in the Admin Console for WebSphere Application Server shipped with Jazz for Service Management.

Vulnerability Details

CVEID: CVE-2018-1770 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148686&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Jazz for Service Management version 1.1.0 - 1.1.3.1

Remediation/Fixes

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
Jazz for Service Management version 1.1.0 - 1.1.3 Websphere Application Server Full Profile 8.5.5 Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770)

Workarounds and Mitigations

Please refer to WAS interim fix.

Related

prion 1
ibm 33
nessus 2
cve 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2018-10-12 11:29:00
ibm
ibm
Security Bulletin: Content Collector for Email is affected by 3RD PARTY CSRF and OOB-XXE Vulnerabilities in WebSphere Web Application Server's Integrated Solutions Console 9.0.0.8, 8.5.5.13, and 8.5.5.9
2019-02-06 12:05:01
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2018-1770)
2018-10-19 16:20:01
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1770)
2019-01-21 14:40:01
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Admin Console Directory Traversal Vulnerability (CVE-2018-1770)
2018-12-14 00:00:00
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Admin Console Directory Traversal Vulnerability (CVE-2018-1770)
2019-08-22 00:00:00
cve
cve
CVE-2018-1770
2018-10-12 11:29:00
cvelist
cvelist
CVE-2018-1770
2018-10-09 00:00:00
nvd
nvd
CVE-2018-1770
2018-10-12 11:29:00

0.007 Low

EPSS

Percentile

81.0%

JSON
Related for 26B64E5813DC06054154222E04107FBF657114A1D607F6C86B1292EE5F26FDEA
prion1ibm33nessus2cve1cvelist1nvd1