Jun 17, 2018 - 3:46 p.m.

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)

www.ibm.com

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2: 3.5 Low

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Summary

Vulnerabilities in IBM WebSphere Application Server affect the IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console. They can allow users to embed arbitrary JavaScript code in the Web UI or allow a local attacker to obtain sensitive information.

Vulnerability Details

CVEID: CVE-2017-1380
DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127151 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1381
DESCRIPTION: IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127152 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console levels 7.1.0.0 through 7.1.4.x.

Note that IBM Spectrum Protect for Workstations Central Administration Console 8.1 is not affected.

Remediation/Fixes

IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console Release | First Fixing VRMF level | Platform | Link to Fix
—|—|—|—
7.1 | 7.1.8 | Windows x86 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Storage+Manager+FastBack+for+Workstations&fixids=7.1.8.0-TIV-FB4WKSTNS-CAC-x86_windows&source=SAR&function=fixId&parent=ibm/Tivoli
7.1 | 7.1.8 | Windows x64 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Storage+Manager+FastBack+for+Workstations&fixids=7.1.8.0-TIV-FB4WKSTNS-CAC-x64_windows&source=SAR&function=fixId&parent=ibm/Tivoli

Workarounds and Mitigations

None
