Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDB04090859F8679BAF60915BCA68B7576553855F24A191D2D85B46CAFBAFFBAB
HistoryJul 18, 2020 - 11:34 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server (WAS) Liberty profile shipped with IBM InfoSphere BigInsights (CVE-2016-5986, CVE-2016-3040, CVE-2016-0378)

2020-07-1823:34:36
www.ibm.com
5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Summary

IBM WebSphere Application Server (WAS) Liberty profile is shipped as a component of IBM InfoSphere BigInsights Console. Information about a security vulnerabilities affecting WAS Liberty profile has been published in security bulletins.

Vulnerability Details

Please consult security bulletins for vulnerability details and information about fixes.

Potential Information Disclosure vulnerability in WebSphere Application Server (CVE-2016-5986)
Open Redirect vulnerability in WebSphere Application Server Liberty (CVE-2016-3040)
Information Disclosure in IBM WebSphere Application Server Liberty (CVE-2016-0378)

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM InfoSphere BigInsights 2.x

IBM InfoSphere BigInsights 3.x

| IBM WebSphere Application Server Version 8.5 Liberty profile

Remediation/Fixes

Fix:

  1. Stop all BigInsights Services
  2. Apply Fix Pack 16.0.0.3
  3. Start all BigInsights Services

Related

ibm 102
cve 3
prion 3
openvas 2
nessus 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM MQ Light (CVE-2016-5986, CVE-2016-3040, CVE-2016-0378)
2018-06-15 07:06:53
Security Bulletin: Multiple vulnerabilities in IBM WebSphere affect IBM Control Center (CVE-2016-3042, CVE-2016-3040, CVE-2016-5986, CVE-2016-0378)
2019-12-17 22:47:42
Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2016-0378, CVE-2016-3040, CVE-2016-5986, CVE-2016-5983)
2018-06-17 15:31:11
cve
cve
CVE-2016-0378
2016-11-24 19:59:00
CVE-2016-5986
2016-10-01 01:59:00
CVE-2016-3040
2016-09-26 04:59:00
prion
prion
Design/Logic Flaw
2016-11-24 19:59:00
Information disclosure
2016-10-01 01:59:00
Code injection
2016-09-26 04:59:00
openvas
openvas
IBM Websphere Application Server Potential Information Disclosure Vulnerability
2016-10-03 00:00:00
IBM Websphere Application Server 'Openid' Cross Site Scripting Vulnerability
2016-10-03 00:00:00
nessus
nessus
IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.11 / 9.0 < 9.0.0.2 Multiple Vulnerabilities
2016-11-03 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for DB04090859F8679BAF60915BCA68B7576553855F24A191D2D85B46CAFBAFFBAB
ibm102cve3prion3openvas2nessus1