CVE-2018-1643

The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

ibm.websphere.txt

On solaris maybe also AIX the installation of WebSphere from IBM installs a deinstallation shell script in /usr/bin with protection 777. This script is also called by 'pkgrm', which has to be issued by root. The script can therefore be easily used for placing a troian horse etc. Besides this...