There is a potential information disclosure in WebSphere Application Server (CVE-2018-1957)
CVEID: CVE-2018-1957
DESCRIPTION: IBM WebSphere Application Server could expose sensitive information when an application mishandles data because the httpServletRequest#authenticate() API returns an incorrect result when an unprotected URI is accessed.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153629> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
The recommended solution is to apply the interim fix, Fix Pack or PTF containing the APARs for each named product as soon as practical.
For WebSphere Application Server traditional:
For V9.0.0.0 through 9.0.0.9:
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH04562
--OR--
· Apply Fix Pack 9.0.0.10 or later.
CPE

Name | Operator | Version |
---|---|---|
websphere application server | eq | 9.0 |