IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix
This bulletin covers the following vulnerabilities:
- IBM WebSphere Application Server Liberty could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
- IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting in OpenID Connect clients, caused by improper validation of input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
- There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty.
- An Apache Commons FileUpload vulnerability affects WebSphere Application Server.
- There is a potential information disclosure in WebSphere Application Server.
- There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in July 2016.
These may affect some configurations of Liberty for Java for IBM Bluemix.
CVE(s): CVE-2016-3040, CVE-2016-3042, CVE-2016-0378, CVE-2016-3092, CVE-2016-5986, CVE-2016-3485
Affected product(s) and affected version(s):
All vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:
- Version 9.0
- Version 8.5 and 8.5.5 Full Profile and Liberty
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2cGfQ35
X-Force Database: http://ift.tt/2ciMesr
X-Force Database: http://ift.tt/2coBlSO
X-Force Database: http://ift.tt/2cG9hh7
X-Force Database: http://ift.tt/2bozrA8
X-Force Database: http://ift.tt/2ccJKps
X-Force Database: http://ift.tt/2b7G65u
from IBM Product Security Incident Response Team http://ift.tt/2djlbw6