Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM82D72845B48E29F382E3CB32198A7458539BFAEC832BAC6D7B23609003A86C76
HistoryFeb 11, 2020 - 9:31 p.m.

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-0385, CVE-2016-0377, CVE-2016-2960, CVE-2016-3092)

2020-02-1121:31:00
www.ibm.com
4

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Summary

WebSphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting WebSphere Application Server have been published in security bulletins.

Vulnerability Details

Refer to the security bulletins listed in the Remediation/Fixes section.

Affected Products and Versions

Predictive Customer Intelligence 1.0,

Predictive Customer Intelligence 1.0.1,

Predictive Customer Intelligence 1.1,

Predictive Customer Intelligence 1.1.1

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin
—|—|—
Predictive Customer Intelligence 1.0 and 1.0.1| WebSphere Application Server 8.5.5| Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)

Information Disclosure in IBM WebSphere Application Server in the Admin Console (CVE-2016-0377)

Potential denial of service with SIP Services (CVE-2016-2960)

Apache Commons FileUpload Vulnerability affects WebSphere Application Server (CVE-2016-3092)

Predictive Customer Intelligence 1.1 and 1.1.1| WebSphere Application Server 8.5.5.6| Bypass security restrictions in WebSphere Application Server (CVE-2016-0385)

Information Disclosure in IBM WebSphere Application Server in the Admin Console (CVE-2016-0377)

Potential denial of service with SIP Services (CVE-2016-2960)

Apache Commons FileUpload Vulnerability affects WebSphere Application Server (CVE-2016-3092)

Related

ibm 124
nessus 18
checkpoint_advisories 2
cve 4
openvas 14
prion 4
redhat 4
f5 2
myhack58 1
tomcat 2
debian 5
veracode 2
osv 3
debiancve 1
mageia 1
freebsd 2
fedora 3
atlassian 4
github 1
jvn 1
ubuntu 1
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus (CVE-2016-0385, CVE-2016-0377, CVE-2016-2960, CVE-2016-3092)
2018-06-15 07:06:12
Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2016-3092, CVE-2016-0377, CVE-2016-0385, CVE-2016-2960)
2018-06-15 07:06:14
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Network Manager IP Edition (CVE-2016-2960, CVE-2016-0385, CVE-2016-3092)
2018-06-17 15:28:47
nessus
nessus
IBM WebSphere Application Server 7.0 < 7.0.0.41 Multiple Vulnerabilities
2016-10-26 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 / 9.0 < 9.0.0.1 / Liberty 16.0 < 16.0.0.3 Information Disclosure
2016-11-07 00:00:00
IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.13 / 8.5.x < 8.5.5.10 / 9.0.x < 9.0.0.1 DoS (CVE-2016-2960)
2020-10-30 00:00:00
checkpoint_advisories
checkpoint_advisories
IBM WebSphere Application Server SIP Processing Denial of Service (CVE-2016-2960)
2016-09-07 00:00:00
Apache Commons FileUpload Denial Of Service (CVE-2016-3092)
2016-07-31 00:00:00
cve
cve
CVE-2016-2960
2016-08-08 01:59:00
CVE-2016-0377
2016-10-22 03:59:00
CVE-2016-0385
2016-09-01 10:59:00
openvas
openvas
IBM Websphere Application Server 'SIP Services' Denial of Service Vulnerability
2016-08-16 00:00:00
Debian Security Advisory DSA 3614-1 (tomcat7 - security update)
2016-07-02 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-736)
2016-10-26 00:00:00
prion
prion
Code injection
2016-08-08 01:59:00
Information disclosure
2016-10-22 03:59:00
Buffer overflow
2016-09-01 10:59:00
redhat
redhat
(RHSA-2016:2069) Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 7
2016-10-17 18:09:27
(RHSA-2016:2072) Moderate: jboss-ec2-eap security and enhancement update for EAP 6.4.11
2016-10-17 18:55:44
(RHSA-2016:2068) Moderate: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 6
2016-10-17 18:09:14
f5
f5
SOL82392041 - Apache Commons FileUpload vulnerability CVE-2016-3092
2016-07-19 00:00:00
K82392041 : Apache Commons FileUpload vulnerability CVE-2016-3092
2016-07-19 00:00:00
myhack58
myhack58
Apache Commons Fileupload 1.3.1 DOS(CVE-2016-3092)-vulnerability warning-the black bar safety net
2017-06-15 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.0.M8
2016-06-13 00:00:00
Fixed in Apache Tomcat 7.0.70
2016-06-20 00:00:00
debian
debian
[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update
2016-06-30 08:44:01
[SECURITY] [DLA 529-1] tomcat7 security update
2016-06-26 18:59:17
[SECURITY] [DSA 3614-1] tomcat7 security update
2016-07-02 12:54:16
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:13:41
Denial Of Service (DoS)
2017-04-04 03:24:03
osv
osv
libcommons-fileupload-java - security update
2016-06-26 00:00:00
High severity vulnerability that affects commons-fileupload:commons-fileupload
2018-12-21 17:47:47
tomcat7 - security update
2016-06-26 00:00:00
debiancve
debiancve
CVE-2016-3092
2016-07-04 22:59:00
mageia
mageia
Updated tomcat/apache-commons-fileupload packages fix security vulnerability
2016-07-27 00:16:28
freebsd
freebsd
Apache Commons FileUpload -- denial of service (DoS) vulnerability
2016-06-20 00:00:00
Apache Commons FileUpload -- denial of service
2016-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: tomcat-8.0.36-2.fc23
2016-09-01 18:56:38
[SECURITY] Fedora 24 Update: tomcat-8.0.36-2.fc24
2016-09-01 17:01:05
[SECURITY] Fedora 25 Update: tomcat-8.0.36-2.fc25
2016-09-01 13:43:39
atlassian
atlassian
Upgrade Tomcat to 8.0.36 or later
2016-07-14 14:22:05
Upgrade Tomcat to 8.0.36 or later
2016-07-14 14:22:05
Upgrade Tomcat to 8.0.36 or later
2016-07-14 14:22:05
github
github
High severity vulnerability that affects commons-fileupload:commons-fileupload
2018-12-21 17:47:47
jvn
jvn
JVN#89379547: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
2016-06-30 00:00:00
ubuntu
ubuntu
Tomcat vulnerability
2016-07-06 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON
Related for 82D72845B48E29F382E3CB32198A7458539BFAEC832BAC6D7B23609003A86C76
ibm124nessus18checkpoint_advisories2cve4openvas14prion4redhat4f52myhack581tomcat2debian5veracode2osv3debiancve1mageia1freebsd2fedora3atlassian4github1jvn1ubuntu1