Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM37DCA69A8F05D4600F2DFEBAD4E2279769AFDEE3BF1F94E8585E94CD4DF92BBC
HistoryDec 04, 2018 - 2:25 p.m.

Security Bulletin: WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.

2018-12-0414:25:01
www.ibm.com
7

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

JSON

Summary

WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

These vulnerabilities affect the following versions and releases of IBM WebSphere Remote Server:
9.0, 8.5, 7.0

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with WebSphere Remote Server.

Principal Product and Version(s)

|

Affected Supporting Product and Version

|

Affected Supporting Product Security Bulletin

—|—|—

WebSphere Remote Server

9.0

|

WebSphere Application Server

9.0

|

Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905)

WebSphere Remote Server 9.0, 8.5, 7.0

|

WebSphere Application Server 9.0, 8.5, 8.0, 7.0

|

Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798)

WebSphere Remote Server 9.0, 8.5, 7.0

|

WebSphere Application Server 9.0, 8.5, 8.0, 7.0

|

Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797)

WebSphere Remote Server 9.0, 8.5

|

WebSphere Application Server 9.0, 8.5, 8.0

|

Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643)

CPENameOperatorVersion
websphere remote servereqany

Related

ibm 61
nessus 4
prion 4
cve 4
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
2018-11-28 13:50:01
Security Bulletin: Security vulnerabilities are identified in the WebSphere Application Server where the Rational Asset Manager is deployed (CVE-2018-1797 and CVE-2018-1798)
2018-12-20 11:05:01
Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2018-1797 and CVE-2018-1798)
2018-11-28 12:15:01
nessus
nessus
IBM WebSphere Application Server 9.0.0.x < 9.0.0.10 XML External Entity Injection (XXE) Vulnerability (CVE-2018-1905)
2018-12-14 00:00:00
IBM WebSphere Application Server 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.0.x < 9.0.0.9 Installation Verification Tool Cross-site Scripting (XSS) Vulnerability (CVE-2018-1643)
2018-12-14 00:00:00
IBM WebSphere Application Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Cross-Site Scripting Vulnerability
2020-04-30 00:00:00
prion
prion
Xxe
2018-11-26 16:29:00
Cross site scripting
2018-11-15 16:29:00
Cross site scripting
2018-11-12 16:29:00
cve
cve
CVE-2018-1905
2018-11-26 16:29:00
CVE-2018-1643
2018-11-15 16:29:00
CVE-2018-1797
2018-11-16 15:29:00

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

JSON
Related for 37DCA69A8F05D4600F2DFEBAD4E2279769AFDEE3BF1F94E8585E94CD4DF92BBC
ibm61nessus4prion4cve4