IBM Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Jan 15, 2019 9:00 am EST

Categorized: High Severity

  • There is a potential cross-site scripting vulnerability in the Installation Verification Tool of IBM WebSphere Application Server.
  • There is a potential cross-site scripting vulnerability in the Cache Monitor web application in WebSphere Application Server.
  • There is a potential code execution vulnerability in OpenID Connect in WebSphere Application Server Liberty.
  • There is a potential cross-site scripting vulnerability in WebSphere Application Server when using the Message Migration Utility (SIBMsgMigration). The Message Migration Utility is not deployed by default. You are only at risk if you have deployed the application.
  • There is a potential directory traversal vulnerability in WebSphere Application Server. This occurs when an Enterprise Bundle Archive (EBA) that has a path external to the EBA is installed into the Application Server.
  • There is a potential privilege elevation vulnerability in WebSphere Application Server after migration from WebSphere Application Server Version 8 when a security domain is configured to use a federated repository other than the global federated repository.

CVE(s): CVE-2018-1643, CVE-2018-1767, CVE-2018-1798, CVE-2018-1797, CVE-2018-1840, CVE-2018-1851

Affected product(s) and affected version(s):

These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server:

  • Liberty
  • Version 9.0
  • Version 8.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10740027
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144588
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148621
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149428
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/149427
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150813
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150999



from IBM Product Security Incident Response Team https://ibm.co/2RTEQqa