IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
Jan 15, 2019 9:00 am EST
Categorized: High Severity
Share this post:
There is a potential cross-site scripting vulnerability with the Installation Verification Tool of IBM WebSphere Application Server. There is a potential cross-site scripting vulnerability in the Cache Monitor web application in WebSphere Application Server. There is a potential code execution vulnerability in OpenID connect in WebSphere Application Server Liberty. Potential cross-site scripting vulnerability in WebSphere Application Server using Message Migration Utility (SIBMsgMigration). The Message Migration Utility is not deployed by default. You are only at risk if you have deployed the application. There is a potential directory traversal vulnerability in WebSphere Application Server. This is occurs when an Enterprise Bundle Archive (EBA) is installed into the Application Server that has a path external to the EBA. There is a potential privilege elevation vulnerability in WebSphere Application Server after migration from WebSphere Application Server Version 8 when a security domain is configured to use a federated repository other than global federated repository. There is a potential code execution vulnerability in OpenID connect in WebSphere Application Server Liberty.
CVE(s): CVE-2018-1643, CVE-2018-1767, CVE-2018-1798, CVE-2018-1797, CVE-2018-1840, CVE-2018-1851
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
- Liberty
- Version 9.0
- Version 8.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10740027
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144588
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148621
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149428
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149427
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150813
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150999
from IBM Product Security Incident Response Team https://ibm.co/2RTEQqa