Security Bulletin: Privilege Escalation Vulnerability identified in WebSphere Application Server shipped with Jazz for Service Management (CVE-2017-1151)


## Summary

WebSphere Application Server (WAS) Full Profile is shipped as a component of Jazz for Service Management (JazzSM), and WAS is affected by a privilege escalation vulnerability.

## Vulnerability Details

CVEID: CVE-2017-1151

DESCRIPTION: IBM WebSphere Application Server configured with OpenID Connect (OIDC) Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system.

CVSS Base Score: 8.1

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122292> for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

Jazz for Service Management version 1.1.0 - 1.1.3

## Remediation/Fixes

Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin
---|---|---
Jazz for Service Management version 1.1.0 - 1.1.3 | WebSphere Application Server Full Profile 8.5.5 | [Security Bulletin: Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2017-1151)](<http://www-01.ibm.com/support/docview.wss?uid=swg21999293>)

## Workarounds and Mitigations

Please refer to the WAS iFix.

## Affected Software

Name | Version
---|---
tivoli components | 1.1
tivoli components | 1.1.1
tivoli components | 1.1.2
tivoli components | 1.1.3