Lucene search

K
ibmIBM4450BF002B81307CC148A107254502D5E3E5A4CD4BB1B2E1E623E1B4EC5AEC35
HistoryMar 07, 2019 - 7:35 a.m.

Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where the Rational Asset Manager is deployed (CVE-2018-1996)

2019-03-0707:35:02
www.ibm.com
5

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

Summary

In the WebSphere Application Server Admin console where the Rational Asset Manager is deployed, a potential security vulnerability is observed due to improper TLS configuration. Information about this security vulnerability affecting WebSphere Application Server is published in the respective security bulletin.

Vulnerability Details

Refer to the security bulletins listed in the Remediation/Fixes section.

Affected Products and Versions

IBM Rational Asset Manager 7.5 and 7.5 .1.

NOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.

Remediation/Fixes

Refer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS).

Affected Supporting Product

|

Affected Supporting Product Security Bulletin

—|—

IBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0.

|

Security Bulletin: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996)

Workarounds and Mitigations

None.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

Related for 4450BF002B81307CC148A107254502D5E3E5A4CD4BB1B2E1E623E1B4EC5AEC35