Lucene search

IBMEC9C4942DC6B13EB8A7D2C5ED6757C645B967E343E6EFF8AEBCB6CB67C0FF535

HistoryJun 16, 2018 - 9:48 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway (CVE-2016-5983)

2018-06-1621:48:59

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Summary

IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin, Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983), for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Tivoli Federated Identity Manager 6.2.1
IBM Tivoli Federated Identity Manager Business Gateway 6.2.1| IBM WebSphere Application Server 7.0
IBM Tivoli Federated Identity Manager 6.2.2
IBM Tivoli Federated Identity Manager Business Gateway 6.2.2| IBM WebSphere Application Server 7.0, 8.0, 8.5

Remediation/Fixes

IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway are affected through IBM WebSphere Application Server. If you use one of the affected versions of WebSphere, update your IBM WebSphere Application Server with the appropriate Interim Fix based on information in the WebSphere security bulletin, Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983).

CPENameOperatorVersion
tivoli federated identity managereq6.2.1
tivoli federated identity managereq6.2.2

CPE	Name	Operator	Version
	tivoli federated identity manager	eq	6.2.1
	tivoli federated identity manager	eq	6.2.2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

Related for EC9C4942DC6B13EB8A7D2C5ED6757C645B967E343E6EFF8AEBCB6CB67C0FF535