Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM433C80FA01CBD264F0ECEDD5C86B61CFD6A281F46060EF3E8D3AAA90049AFE21
HistoryFeb 11, 2020 - 9:31 p.m.

Security Bulletin: Security vulnerabilities have been identified in Websphere Application Server shipped with Predictive Customer Intelligence (CVE-2017-1381, CVE-2017-1382, CVE-2017-1380)

2020-02-1121:31:00
www.ibm.com
8

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

JSON

Summary

Websphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting Websphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletins Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)_, _Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382) and Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380) for vulnerability details and information about fixes.

Affected Products and Versions

Predictive Customer Intelligence 1.0, 1.0.1, 1.1, 1.1.1

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by Websphere Application Server which is shipped with Predictive Customer Intelligence.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
Predictive Customer Intelligence 1.0 and 1.0.1 Websphere Application Server 8.5.5 Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)

Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)

Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)

Predictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)

Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)

Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)

Related

ibm 83
openvas 1
prion 3
nessus 3
cve 3
ibm
ibm
Multiple vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2017-1380, CVE-2017-1381, CVE-2017-1382, CVE-2017-1501)
2018-06-15 07:07:55
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manger FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)
2018-06-17 15:46:35
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380, CVE-2017-1382)
2018-06-16 20:11:23
openvas
openvas
IBM Websphere Application Server 'XSS' And 'Insecure File Permissions' Vulnerabilities
2017-07-25 00:00:00
prion
prion
Design/Logic Flaw
2017-07-21 20:29:00
Design/Logic Flaw
2017-07-24 21:29:00
Cross site scripting
2017-07-24 21:29:00
nessus
nessus
IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.13 / 9.0 < 9.0.0.5 Information Disclosure (PI82630)
2017-08-04 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.5 Insecure File Permissions (PI79343)
2017-08-04 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.5 Unspecified XSS (PI82078)
2017-08-04 00:00:00
cve
cve
CVE-2017-1381
2017-07-21 20:29:00
CVE-2017-1382
2017-07-24 21:29:00
CVE-2017-1380
2017-07-24 21:29:00

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

JSON
Related for 433C80FA01CBD264F0ECEDD5C86B61CFD6A281F46060EF3E8D3AAA90049AFE21
ibm83openvas1prion3nessus3cve3