Jun 15, 2018 - 7:07 a.m.

Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2017-1504)

www.ibm.com

Summary

WebSphere Application Server traditional 9.0.0.4 added a new feature that uses the PasswordUtil command to enable AES password encryption. If you used this feature, your security may be weaker than expected, because some passwords did not get encrypted as you might have expected. If you didn’t use this new feature, you are not affected by this vulnerability. This does not affect passwords with the default XOR encoding, or passwords with custom encryption.

Vulnerability Details

Consult the security bulletin "Weaker than expected security in WebSphere Application Server" for vulnerability details and information about fixes.

Affected Products and Versions

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0.0.4 - if you used the PasswordUtil command to enable AES password encryption.
