IBM9863229FD360AB165E5BD05F62514B31FECDFF405A778B6AF210F40EA0711CE5Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Access Manager for e-business and IBM Security Access Manager software releases (CVE-2017-1731)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
Summary
IBM WebSphere Application Server is shipped as a component of IBM Tivoli Access Manager for e-business and IBM Security Access Manager software. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
Vulnerability Details
Please consult the security bulletin “Security Bulletin: Potential Privilege Escalation in WebSphere Application Server Admin Console (CVE-2017-1731)” for vulnerability details and information about fixes.
Affected Products and Versions
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
IBM Tivoli Access Manager for e-business 6.1, 6.1.1|
IBM WebSphere Application Server 7.0
IBM Security Access Manager for Web 7.0 (software)| IBM WebSphere Application Server 7.0, 8.0, 8.5
Workarounds and Mitigations
None
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P