Lucene search

IBM7D98EFE88F1CDF13AF12F0E8899BB051B2F1B25F060EEE36BBA40409900057DE

HistoryJun 16, 2018 - 10:03 p.m.

Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194)

2018-06-1622:03:27

www.ibm.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Summary

IBM Security Access Manager Appliance has addressed the following cross-site request forgery vulnerability that has been identified in IBM WebSphere Application Server.

Vulnerability Details

CVEID: CVE-2017-1194**
DESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123669 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected IBM Security Access Manager Appliance

Affected Versions

—|—

IBM Security Access Manager

9.0 - 9.0.2.1

Remediation/Fixes

Product

VRMF

APAR

Remediation

—|—|—|—
IBM Security Access Manager| 9.0 - 9.0.2.1| IJ00670| Upgrade to 9.0.3.0:
IBM Security Access Manager V9.0.3 Multiplatform, Multilingual (CRW4EML)

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security access managereq9.0.0
ibm security access managereq9.0.0.1
ibm security access managereq9.0.1.0
ibm security access managereq9.0.2.0
ibm security access managereq9.0.2.1

Name	Operator	Version
ibm security access manager	eq	9.0.0
ibm security access manager	eq	9.0.0.1
ibm security access manager	eq	9.0.1.0
ibm security access manager	eq	9.0.2.0
ibm security access manager	eq	9.0.2.1

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for 7D98EFE88F1CDF13AF12F0E8899BB051B2F1B25F060EEE36BBA40409900057DE