Lucene search
IBM547AD05898AC71E11EC6CA3DDF7018133BDEBBD6A242B73BA53896F0A7C28A70HistoryJun 15, 2018 - 10:34 p.m.
Security Bulletin: Multiple vulnerabilities in IBM OpenPages Platform with Application Server
2018-06-1522:34:31
www.ibm.com
7
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
The following security vulnerabilities have been identified in versions of IBM OpenPages with Application Server. See Vulnerability Details for CVE IDs.
Vulnerability Details
Customers who have IBM OpenPages with Application Server are potentially impacted by the following vulnerabilities:
| CVE ID | DESCRIPTION |
|---|---|
| CVE-2014-2480 | |
| CVSS Base Score: 6.8 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94543> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the unspecified component has partial confidentiality impact, partial integrity impact, and partial availability impact |
| CVE-2014-4255 | |
| CVSS Base Score: 6.8 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94544> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Security and Policy component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
| CVE-2014-2481 | |
| CVSS Base Score: 6.8 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94542> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the unspecified component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
| CVE-2014-4254 | |
| CVSS Base Score: 6.8 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94545> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
| CVE-2014-2479 | |
| CVSS Base Score: 6.8 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94546> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
| CVE-2014-4267 | |
| CVSS Base Score: 6.8 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94547> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS Core Components component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
| CVE-2014-4256 | |
| CVSS Base Score: 5.8 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94549> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Deployment component has partial confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2014-4201 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94552> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to cause a denial of service. |
| CVE-2014-4202 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94553> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to cause a denial of service. |
| CVE-2014-4210 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94554> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to obtain sensitive information. |
| CVE-2014-4253 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94555> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WebLogic Server JVM component could allow a remote attacker to cause a denial of service. |
| CVE-2014-4217 | |
| CVSS Base Score: 4.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94558> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has no confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2014-4241 | |
| CVSS Base Score: 4.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94559> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has no confidentiality impact, partial integrity impact, and no availability impact. |
| CVE-2014-4242 | |
| CVSS Base Score: 4.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94557> for the current score | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the Console component has no confidentiality impact, partial integrity impact, and no availability impact. |
Affected Products and Versions
IBM OpenPages with Application Server 6.2 through 7.0.
Remediation/Fixes
A fix has been created that can remediate all affected versions of the named product. Download and install the fix as soon as practical. The fix and installation instructions are available at the URL listed below:
| Patch | Download URL |
|---|---|
| IBM OpenPages with Application Server IF 2 | <http://www.ibm.com/support/docview.wss?uid=swg24039136> |
Workarounds and Mitigations
No known workaround, please apply fix.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm openpages with watson | eq | 7.0 | |
| ibm openpages with watson | eq | 6.2.1 | |
| ibm openpages with watson | eq | 6.2 |
Related
openvas
openvas
Oracle WebLogic Server Multiple Unspecified Vulnerabilities -01 (May 2016)
2016-05-03 00:00:00
cve
cve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2014-07-17 05:10:00
Design/Logic Flaw
2014-07-17 05:10:00
Design/Logic Flaw
2014-07-17 11:17:00
hackerone
hackerone
U.S. Dept Of Defense: WebLogic Server Side Request Forgery
2017-12-25 21:57:03
seebug
seebug
η¨εζη³»η»ζΌζ΄(SSRF&JavaεεΊεεε½δ»€ζ§θ‘ζΌζ΄)
2015-12-10 00:00:00
Oracle WebLogic SSRF And XSS
2015-09-06 00:00:00
nuclei
nuclei
Oracle Weblogic - Server-Side Request Forgery
2021-04-23 13:03:54
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities
2014-07-21 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for 547AD05898AC71E11EC6CA3DDF7018133BDEBBD6A242B73BA53896F0A7C28A70