3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
IBM WebSphere Application Server and IBM Business Process Manage are shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise.
Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
Consult Security Bulletin: Bypass security restrictions in WebSphere Application Server (CVE-2016-0385) for information details.
Principal Product and Version(s)
| Affected Supporting Product and Version
β|β
IBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2|
WebSphere Application Server V8.5.5 through V8.5.5.7
IBM Business Process Manager Standard V8.5.5 - V8.5.6.2
IBM Cloud Orchestrator V2.4, V2.4.01, V2.4.0.2,V2.4.0.3|
WebSphere Application Server V8.5.0.1 through V8.5.5.7
IBM Business Process Manager Standard V8.5.0.1
IBM Cloud Orchestrator V2.3, V2.3.0.1|
IBM WebSphere Application Server V8.0, V8.0.11
IBM Business Process Manager Standard V8.5.0.1
IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2 |
WebSphere Application Server V8.5.5 through V8.5.5.7
IBM Business Process Manager Standard V8.5.5 - V8.5.6.2
IBM SmartCloud Cost Management V2.1.0.5
IBM Cloud Orchestrator Enterprise V2.4, V2.4.01, V2.4.0.2,V2.4.0.3|
WebSphere Application Server V8.5.0.1 through V8.5.5.7
IBM Business Process Manager Standard V8.5.0.1
IBM SmartCloud Cost Management V2.1.0.4
IBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1|
IBM WebSphere Application Server V8.0, V8.0.11
IBM Business Process Manager Standard V8.5.0.1
IBM SmartCloud Cost Management V2.1.0.3
Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Cloud Orchestrator.
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
IBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, |
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Dynamic Process Edition, and WebSphere Lombardi Edition
IBM Cloud Orchestrator V2.4, V2.4.01, V2.4.0.2,V2.4.0.3|
WebSphere Application Server V8.5.0.1 through V8.5.5.7
IBM Business Process Manager Standard V8.5.0.1
IBM Cloud Orchestrator V2.3, V2.3.0.1|
IBM WebSphere Application Server V8.0, V8.0.11
IBM Business Process Manager Standard V8.5.0.1
IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2 |
WebSphere Application Server V8.5.5 through V8.5.5.7
IBM Business Process Manager Standard V8.5.5 - V8.5.6.2
IBM SmartCloud Cost Management V2.1.0.5
IBM Cloud Orchestrator Enterprise V2.4, V2.4.01, V2.4.0.2,V2.4.0.3|
WebSphere Application Server V8.5.0.1 through V8.5.5.7
IBM Business Process Manager Standard V8.5.0.1
IBM SmartCloud Cost Management V2.1.0.4
IBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1|
IBM WebSphere Application Server V8.0, V8.0.11
IBM Business Process Manager Standard V8.5.0.1
IBM SmartCloud Cost Management V2.1.0.3
Apply mitigation as per Security Bulletin WebSphere Application Server (CVE-2016-0385).
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N