Lucene search

K
ibmIBMFC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108
HistoryJan 28, 2019 - 5:35 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway

2019-01-2817:35:01
www.ibm.com
13

EPSS

0.005

Percentile

76.5%

Summary

IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins.

Vulnerability Details

Please consult the security bulletin, Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926), for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Federated Identity Manager 6.2
IBM Tivoli Federated Identity Manager Business Gateway 6.2 IBM WebSphere Application Server 7.0
IBM Tivoli Federated Identity Manager 6.2.1
IBM Tivoli Federated Identity Manager Business Gateway 6.2.1 IBM WebSphere Application Server 7.0
IBM Tivoli Federated Identity Manager 6.2.2
IBM Tivoli Federated Identity Manager Business Gateway 6.2.2 IBM WebSphere Application Server 7.0, 8.0, 8.5

Workarounds and Mitigations

None

EPSS

0.005

Percentile

76.5%