IBM68C7C71475551A289405D1AFB880830E7F5EA8BC1EE90921A7C4F767E7AA3649Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty affects IBM Operations Analytics - Log Analysis (CVE-2018-1851)
EPSS
Percentile
89.4%
Summary
WebSphere Application Server OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code
Vulnerability Details
CVEID: CVE-2018-1851
DESCRIPTION: IBM WebSphere Application Server OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150999> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
IBM Operations Analytics - Log Analysis version 1.3.5
Remediation/Fixes
| Principal Product and Version(s) | Fix details |
|---|---|
| IBM Operations Analytics - Log Analysis version 1.3.5 | Security Bulletin: Code execution vulnerability with OpenID connect in WebSphere Application Server Liberty (CVE-2018-1851) |
Related
EPSS
Percentile
89.4%