Security Bulletin: Potential Vulnerability identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2017-1137)

Summary

Websphere Application Server (WAS) Full profile is shipped as a component of Jazz for Service Management (JazzSM) and WAS has been affected by potential vulnerability

Vulnerability Details

CVEID: CVE-2017-1137**
DESCRIPTION:** IBM WebSphere Application Server could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121549 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Jazz for Service Management version 1.1.0 - 1.1.3

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin
—|—|—
Jazz for Service Management version 1.1.0 - 1.1.3| Websphere Application Server Full Profile 8.5.5| Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137)

Workarounds and Mitigations

Please refer to WAS iFix