Lucene search

IBM4E0E20EECC4387F5D8B07A8F5216717E614BDA714A2BBCCCE14643EB4E1BD3BA

HistoryJun 16, 2018 - 1:42 p.m.

Security Bulletin: A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Decision Optimization Center (CVE-2016-0385)

2018-06-1613:42:44

www.ibm.com

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

JSON

Summary

IBM WebSphere Application Server is shipped with IBM ILOG Optimization Decision Manager Enterprise, Developer Edition / IBM Decision Optimization Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin listed in the Remediation/Fixes section.

Affected Products and Versions

IBM ILOG Optimization Decision Manager Enterprise v3.5 - v3.7.0.2
IBM Decision Optimization Center v3.8 - v3.9

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is/are shipped with IBM Decision Optimization Center.

Principal Product and Version(s)	Affected Supporting Product and Version	Affected Supporting Product Security Bulletin
IBM ILOG Optimization Decision Manager Enterprise v3.5 - v3.7	IBM WebSphere Application Server 7.0	Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)
IBM Decision Optimization Center v3.8 - v3.9	IBM WebSphere Application Server 8.5.5

CPENameOperatorVersion
ibm ilog odm enterpriseeq3.9.0
ibm ilog odm enterpriseeq3.8.0.2
ibm ilog odm enterpriseeq3.8.0.1
ibm ilog odm enterpriseeq3.8
ibm ilog odm enterpriseeq3.7.0.2
ibm ilog odm enterpriseeq3.7.0.1
ibm ilog odm enterpriseeq3.7
ibm ilog odm enterpriseeq3.6.0.1
ibm ilog odm enterpriseeq3.6
ibm ilog odm enterpriseeq3.5

Name	Operator	Version
ibm ilog odm enterprise	eq	3.9.0
ibm ilog odm enterprise	eq	3.8.0.2
ibm ilog odm enterprise	eq	3.8.0.1
ibm ilog odm enterprise	eq	3.8
ibm ilog odm enterprise	eq	3.7.0.2
ibm ilog odm enterprise	eq	3.7.0.1
ibm ilog odm enterprise	eq	3.7
ibm ilog odm enterprise	eq	3.6.0.1
ibm ilog odm enterprise	eq	3.6
ibm ilog odm enterprise	eq	3.5

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

JSON

Related for 4E0E20EECC4387F5D8B07A8F5216717E614BDA714A2BBCCCE14643EB4E1BD3BA