Lucene search

K
ibmIBM26D0EEB4AE42158F08AD0ED3C642FAFF87E4BE43DB62DF2B476D5BB67415841F
HistoryMay 05, 2022 - 7:13 p.m.

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager

2022-05-0519:13:59
www.ibm.com
96
ibm websphere application server
ibm tivoli federated identity manager
security vulnerabilities
clickjacking
remote code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

82.8%

Summary

IBM WebSphere Application Server is shipped with IBM Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Federated Identity Manager All

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is/are shipped with IBM Tivoli Federated Identity Manager.

Principal Product

|

Affected Supporting Product and Version

|

Affected Supporting Product Security Bulletin

—|—|—

IBM Tivoli Federated Identity Manager

|

IBM WebSphere Application Server 9,0

|

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038)

IBM Tivoli Federated Identity Manager

|

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0

|

Security Bulletin: IBM WebSphere Application Server is vulnerable to remote code execution due to Dojo (CVE-2021-23450)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_federated_identity_managerMatch6.2.
VendorProductVersionCPE
ibmtivoli_federated_identity_manager6.2.cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.009

Percentile

82.8%