IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud
Nov 2, 2018 9:01 am EDT
Categorized: High Severity
Share this post:
There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server. There is a potential directory traversal vulnerability in the Admin Console for WebSphere Application Server. There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server. There is a potential cross-site scripting vulnerability in the OAuth ear in WebSphere Application Server. There is a potential cross-site scripting vulnerability in SAML ear in WebSphere Application Server. There is a potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console.
CVE(s): CVE-2018-8039, CVE-2018-1770, CVE-2014-7810, CVE-2018-1794, CVE-2018-1793, CVE-2018-1777
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
- Liberty
- Version 9.0
- Version 8.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10737753
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148686
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103155
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148949
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148948
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148800
from IBM Product Security Incident Response Team https://ift.tt/2yNBz0R