8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.6%
WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server and User Management Service (new in BAW 18.0.0.1) in IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional and WebSphere Application Server Liberty have been published in a security bulletin.
Please consult the security bulletin Potential MITM attack in Apache CXF used by WebSphere Application Server (CVE-2018-8039) for vulnerability details and information about fixes.
The reported vulnerability affects WebSphere Application Server (traditional) V9, which is not supported by any version of IBM Business Process Manager or IBM Business Automation Workflow. The same vulnerability affects WebSphere Application Server Liberty, which is included in IBM Business Process Manager V8.5.5 and later and IBM Business Automation Workflow V18. WebSphere Application Server Liberty is also included in User Management Service shipped with Business Automation Workflow V18.0.0.1.
- IBM Business Process Manager V8.5.5.0
- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2
- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06
- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03
- IBM Business Automation Workflow V18.0.0.0 through V18.0.0.1
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.6%