Lucene search

K
ibmIBMC270008C47088F4AB45570D101436BB116E08F304CC36AF51E0823C68AFCAAE8
HistoryFeb 11, 2020 - 9:31 p.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-1181, CVE-2016-1182)

2020-02-1121:31:00
www.ibm.com
5

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.428 Medium

EPSS

Percentile

97.4%

Summary

IBM WebSphere Application Server is shipped with IBM Predictive Customer Intelligence. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Predictive Customer Intelligence 1.0| WebSphere Application Server 8.5.5 ND
Predictive Customer Intelligence 1.0.1| WebSphere Application Server 8.5.5 ND
Predictive Customer Intelligence 1.1| WebSphere Application Server 8.5.5.6 ND
Predictive Customer Intelligence 1.1.1| WebSphere Application Server 8.5.5.6 ND

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin
—|—|—
Predictive Customer Intelligence 1.0 and 1.0.1| WebSphere Application Server 8.5.5| Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)
Predictive Customer Intelligence 1.1 and 1.1.1| WebSphere Application Server 8.5.5.6| Vulnerabilities in Apache Struts affects IBM WebSphere Application Server (CVE-2016-1181 and CVE-2016-1182)

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.428 Medium

EPSS

Percentile

97.4%