8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
There is a potential privilege escalation in WebSphere Application Server Admin Console.
CVEID: CVE-2017-1731 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134912 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
The recommended solution is to apply the interim fix, Fix Pack or PTF containing APARs PI89498 for each named product as soon as practical.
For WebSphere Application Server traditional and WebSphere Application Server Hypervisor Edition:
For V9.0.0.0 through 9.0.0.6:
· Upgrade to minimal fix pack levels as required by interim fixes and then apply Interim Fix PI89498
--ORâ
· Apply Fix Pack 9.0.0.7 or later.
For V8.5.0.0 through 8.5.5.13:
· Upgrade to minimal fix pack levels as required by interim fixes and then apply Interim Fix PI89498
--ORâ
· Apply Fix Pack 8.5.5.14 or later.
For V8.0.0.0 through 8.0.0.14:
· Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix PI89498
--ORâ
· Apply Fix Pack 8.0.0.15 or later.
For V7.0.0.0 through 7.0.0.43:
· Upgrade to a minimal fix pack levels as required by interim fix and then apply Interim Fix PI89498
--ORâ
· Apply Fix Pack 7.0.0.45 or later.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P