9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins.
Please consult the security bulletin, Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783), for vulnerability details and information about fixes.
Please consult the security bulletin, Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621), for vulnerability details and information about fixes.
Please consult the security bulletin, Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719), for vulnerability details and information about fixes.
Please consult the security bulletin, Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901), for vulnerability details and information about fixes.
Please consult the security bulletin, Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904), for vulnerability details and information about fixes.
Please consult the security bulletin, Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926), for vulnerability details and information about fixes.
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Federated Identity Manager 6.2 | |
IBM Tivoli Federated Identity Manager Business Gateway 6.2 | IBM WebSphere Application Server 7.0 |
IBM Tivoli Federated Identity Manager 6.2.1 | |
IBM Tivoli Federated Identity Manager Business Gateway 6.2.1 | IBM WebSphere Application Server 7.0 |
IBM Tivoli Federated Identity Manager 6.2.2 | |
IBM Tivoli Federated Identity Manager Business Gateway 6.2.2 | IBM WebSphere Application Server 7.0, 8.0, 8.5 |
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P