Security Bulletin: A security vulnerability has been identified in the WebSphere Application Server where the Rational Asset Manager is deployed (CVE-2018-1777,CVE-2018-1767,CVE-2014-7810, and CVE-2018-1567)

Summary

In the WebSphere Application Server Admin console where the Rational Asset Manager is deployed, a potential Cross-site scripting, Security bypass and Code execution vulnerabilities are observed. Information about these security vulnerabilities affecting WebSphere Application Server have been published in the respective security bulletins.

Vulnerability Details

Refer to the security bulletins listed in the Remediation/Fixes section.

Affected Products and Versions

IBM Rational Asset Manager 7.5 .1, 7.5.2.x, 7.5.3.x, and 7.5.4.

NOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS).

Affected Supporting Product

|

Affected Supporting Product Security Bulletin

—|—

IBM WebSphere Application Server Version 7.0, 8.0, 8.5 and 9.0.

|

Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777)

Security Bulletin: Cross-site scripting vulnerability in CacheMonitor for WebSphere Application Server (CVE-2018-1767)
Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server (CVE-2014-7810)
Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)

Workarounds and Mitigations

None.