Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108
HistoryJan 28, 2019 - 5:35 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway

2019-01-2817:35:01
www.ibm.com
9

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins.

Vulnerability Details

Please consult the security bulletin, Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904), for vulnerability details and information about fixes.

Please consult the security bulletin, Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926), for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s) Affected Supporting Product and Version
IBM Tivoli Federated Identity Manager 6.2
IBM Tivoli Federated Identity Manager Business Gateway 6.2 IBM WebSphere Application Server 7.0
IBM Tivoli Federated Identity Manager 6.2.1
IBM Tivoli Federated Identity Manager Business Gateway 6.2.1 IBM WebSphere Application Server 7.0
IBM Tivoli Federated Identity Manager 6.2.2
IBM Tivoli Federated Identity Manager Business Gateway 6.2.2 IBM WebSphere Application Server 7.0, 8.0, 8.5

Workarounds and Mitigations

None

Related

ibm 134
openvas 14
nessus 22
oraclelinux 1
github 1
fedora 3
redhat 5
prion 6
cgr 1
wolfi 1
amazon 1
mageia 1
cve 4
osv 1
aix 1
debiancve 1
centos 1
veracode 1
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2018-1840, CVE-2018-1901, CVE-2018-1904 and CVE-2018-1926)
2018-12-18 10:45:02
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On
2019-01-25 03:40:02
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearCase (CVE-2018-1904, CVE-2018-1926)
2018-12-18 14:00:01
openvas
openvas
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1189
2013-02-04 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-169)
2015-09-08 00:00:00
Fedora Update for jakarta-commons-httpclient FEDORA-2013-1289
2013-02-04 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : jakarta-commons-httpclient (ELSA-2013-0270)
2013-07-12 00:00:00
SuSE 11.2 Security Update : jakarta (SAT Patch Number 7574)
2013-04-04 00:00:00
RHEL 6 : redhat-support-plugin-rhev (RHSA-2014:0224)
2014-11-08 00:00:00
oraclelinux
oraclelinux
jakarta-commons-httpclient security update
2013-02-19 00:00:00
github
github
Improper Certificate Validation in apache HttpClient
2022-05-13 01:10:34
fedora
fedora
[SECURITY] Fedora 18 Update: jakarta-commons-httpclient-3.1-12.fc18
2013-02-01 16:27:25
[SECURITY] Fedora 16 Update: jakarta-commons-httpclient-3.1-12.fc16
2013-02-01 16:49:49
[SECURITY] Fedora 17 Update: jakarta-commons-httpclient-3.1-12.fc17
2013-02-01 16:45:35
redhat
redhat
(RHSA-2013:0680) Moderate: jakarta-commons-httpclient security update
2013-03-25 00:00:00
(RHSA-2013:0682) Moderate: jakarta-commons-httpclient security update
2013-03-25 00:00:00
(RHSA-2014:0224) Moderate: redhat-support-plugin-rhev security update
2014-02-27 00:00:00
prion
prion
Code injection
2012-11-04 22:55:00
Code injection
2018-12-12 16:29:00
Code injection
2018-12-11 16:29:00
cgr
cgr
CVE-2012-5783 vulnerabilities
2024-04-26 03:19:48
wolfi
wolfi
CVE-2012-5783 vulnerabilities
2024-04-26 09:06:29
amazon
amazon
Medium: jakarta-commons-httpclient
2013-03-14 22:04:00
mageia
mageia
Updated jakarta-commons-httpclient package fixes security vulnerability
2013-07-06 18:11:31
cve
cve
CVE-2012-5783
2012-11-04 22:55:00
CVE-2018-1901
2018-12-12 16:29:00
CVE-2018-1926
2018-12-12 16:29:00
osv
osv
Improper Certificate Validation in apache HttpClient
2022-05-13 01:10:34
aix
aix
AIX is vulnerable to an SSL server spoof due to Apache Commons HttpClient
2023-04-13 13:44:57
debiancve
debiancve
CVE-2012-5783
2012-11-04 22:55:00
centos
centos
jakarta security update
2013-02-20 02:59:36
veracode
veracode
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:56:38

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for FC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108
ibm134openvas14nessus22oraclelinux1github1fedora3redhat5prion6cgr1wolfi1amazon1mageia1cve4osv1aix1debiancve1centos1veracode1