IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2017-1151, CVE-2017-1137, CVE-2017-1194)

There is a potential privilege escalation vulnerability in traditional WebSphere Application Server when the OpenID Connect (OIDC) Trust Association Interceptor (TAI) is in use; this issue does not affect WebSphere Application Server Liberty. There is a potential for weaker than expected security in the WebSphere Application Server Administrative Console. There is a potential cross-site request forgery vulnerability in the WebSphere Application Server OAuth service provider.

CVE(s): CVE-2017-1151, CVE-2017-1137, CVE-2017-1194

Affected product(s) and affected version(s):

IBM WebSphere Application Server Version 8.5.5 is affected by all of the vulnerabilities listed.
IBM WebSphere Application Server Version 9 is only affected by CVE-2017-1151 and CVE-2017-1194.
IBM WebSphere Application Server Liberty is only affected by CVE-2017-1194.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2rN1W4B
X-Force Database: http://ift.tt/2miY8CE
X-Force Database: http://ift.tt/2szfCxV
X-Force Database: http://ift.tt/2s04pcE

The post IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2017-1151, CVE-2017-1137, CVE-2017-1194) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2szyWuQ