IBM Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud

Nov 2, 2018 9:01 am EDT

Categorized: High Severity

Share this post:

There is a potential man-in-the-middle attack in Apache CXF used by WebSphere Application Server. There is a potential directory traversal vulnerability in the Admin Console for WebSphere Application Server. There is a potential bypass security vulnerability in the expression language library used by WebSphere Application Server. There is a potential cross-site scripting vulnerability in the OAuth ear in WebSphere Application Server. There is a potential cross-site scripting vulnerability in SAML ear in WebSphere Application Server. There is a potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console.

CVE(s): CVE-2018-8039, CVE-2018-1770, CVE-2014-7810, CVE-2018-1794, CVE-2018-1793, CVE-2018-1777

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

• Liberty
• Version 9.0
• Version 8.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10737753
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148686
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/103155
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148949
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148948
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148800

from IBM Product Security Incident Response Team https://ift.tt/2yNBz0R