3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
There is a potential information disclosure vulnerability in WebSphere Application Server.
CVEID: CVE-2017-1681**
DESCRIPTION:** IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134003 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Tivoli Integrated Portal version 2.1.0 - 2.1.0.5
Tivoli Integrated Portal version 2.2.0.0 - 2.2.0.19
Principal Product and Version(s)
| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin
—|—|—
Tivoli Integrated Portal version
2.1.0 - 2.1.0.5
2.2.0 - 2.2.0.19
| embedded Websphere Application Server version 7.0.x| Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1681)
The Websphere security bulletin above provides a link to the required iFix to remediate the vulnerability. However, the iFix requires either eWAS 7.0.0.31 or higher installed.
TIP does not support upgrading Websphere fixpack independently. TIP 2.2.0.15 or TIP 2.2.0.17 or TIP 2.2.0.19 must be applied which will upgrade eWAS to 7.0.0.31 and above. Once TIP FP has been applied, the Websphere iFix can be applied as described in the Websphere bulletin.
Please refer to WAS iFix as described above
CPE | Name | Operator | Version |
---|---|---|---|
tivoli components | eq | 2.1 | |
tivoli components | eq | 2.2 |
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N