Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2018-1840, CVE-2018-1901, CVE-2018-1904 and CVE-2018-1926)

Summary

WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about security vulnerabilities affecting WebSphere Application Server have been published in security bulletins.

Vulnerability Details

Please consult

• Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)
• Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901)
• Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904)
• Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926)

for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
WebSphere Service Registry and Repository V8.5 | WebSphere Application Server V8.5.5
WebSphere Service Registry and Repository V8.0 | WebSphere Application Server V8.0

Note the following flash before upgrading WebSphere Application Server V8.5.5:

WebSphere Service Registry and Repository: Read First before upgrading to WebSphere Application Server V8.5.5 Fix Pack 14