Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2017-1194)

Summary

Websphere Application Server - Liberty profile is shipped as a component of IBM Operations Analytics - Log Analysis. Information about a Cross-site request forgery vulnerability affecting Websphere Application Server has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2017-1194**
DESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123669 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1 and 1.3.5

Remediation/Fixes

Principal Product and Version(s)

| Fix details
—|—
IBM Operations Analytics - Log Analysis version 1.3.1, 1.3.2, 1.3.3, 1.3.3.1 and 1.3.5|

Security Bulletin: Cross-site request forgery in WebSphere Application Server (CVE-2017-1194)

Workarounds and Mitigations

Please refer to the interim fix from WAS available in fix central, link provided above