The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM WebSphere AS Liberty

vulnerability note CVE-2017-1731

WebSphere Application Server traditional: privilege escalation via Admin Console

Synthesis of the vulnerability

An attacker can bypass restrictions via Admin Console of WebSphere Application Server traditional, in order to escalate his privileges.
Impacted products: Security Directory Server, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 30/01/2018.
Identifiers: 2012345, 2013084, 2013942, 2016520, 2017074, 7043863, 7048591, CVE-2017-1731, VIGILANCE-VUL-25174.

Description of the vulnerability

An attacker can bypass restrictions via Admin Console of WebSphere Application Server traditional, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-2579 CVE-2018-2581 CVE-2018-2582

Oracle Java: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 17/01/2018.
Identifiers: 2013818, 2014315, 2015656, 2016042, 2016207, 2016278, 2016496, 2016502, CERTFR-2018-AVI-036, cpujan2018, CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2675, CVE-2018-2677, CVE-2018-2678, DLA-1339-1, DSA-4144-1, DSA-4166-1, FEDORA-2018-223d8fc52a, FEDORA-2018-a82015aa02, FEDORA-2018-d50769efa0, FEDORA-2018-e2e52fb0bf, ibm10715641, ibm10717143, ibm10717207, ibm10718843, ibm10719115, ibm10719319, JSA10873, N1022544, openSUSE-SU-2018:0679-1, openSUSE-SU-2018:0684-1, RHSA-2018:0095-01, RHSA-2018:0099-01, RHSA-2018:0100-01, RHSA-2018:0115-01, RHSA-2018:0349-01, RHSA-2018:0351-01, RHSA-2018:0352-01, RHSA-2018:0458-01, RHSA-2018:0521-01, SB10225, SUSE-SU-2018:0630-1, SUSE-SU-2018:0645-1, SUSE-SU-2018:0661-1, SUSE-SU-2018:0663-1, SUSE-SU-2018:0665-1, SUSE-SU-2018:0694-1, USN-3613-1, USN-3614-1, VIGILANCE-VUL-25082.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-1681

WebSphere Application Server: file reading

Synthesis of the vulnerability

A local attacker can read a file of WebSphere Application Server, in order to obtain sensitive information.
Impacted products: Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 12/01/2018.
Identifiers: 2010419, 2011863, 2013085, 2013815, 2016039, 2016519, 7043863, 7048591, CVE-2017-1681, VIGILANCE-VUL-25032.

Description of the vulnerability

A local attacker can read a file of WebSphere Application Server, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2013-6440

OpenSAML: information disclosure via XML Entities

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via XML Entities of OpenSAML, in order to obtain sensitive information.
Impacted products: WebSphere AS Liberty, RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 15/11/2017.
Identifiers: 2010415, 2011863, CVE-2013-6440, RHSA-2014:0170-01, RHSA-2014:0171-01, RHSA-2014:0172-01, RHSA-2014:0195-01, RHSA-2014:0452-01, RHSA-2014:1290-01, RHSA-2014:1291-01, RHSA-2014:1995-01, VIGILANCE-VUL-24441.

Description of the vulnerability

An attacker can bypass access restrictions to data via XML Entities of OpenSAML, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-1583

WebSphere AS: information disclosure via JSF MyFaces Errors

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via JSF MyFaces Errors of WebSphere AS, in order to obtain sensitive information.
Impacted products: Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 24/10/2017.
Identifiers: 2008707, 2010466, CVE-2017-1583, VIGILANCE-VUL-24223.

Description of the vulnerability

An attacker can bypass access restrictions to data via JSF MyFaces Errors of WebSphere AS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2011-4343

Apache MyFaces Core: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Apache MyFaces Core, in order to obtain sensitive information.
Impacted products: Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 24/10/2017.
Identifiers: 2008707, 2010466, CVE-2011-4343, VIGILANCE-VUL-24222.

Description of the vulnerability

An attacker can bypass access restrictions to data of Apache MyFaces Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-10274 CVE-2017-10281 CVE-2017-10285

Oracle Java: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 18/10/2017.
Identifiers: 2010282, 2010560, 2011264, 2012279, 2013081, 2013150, 2013545, 2014202, 2014981, 2015655, 2015825, 2016207, CERTFR-2017-AVI-366, cpuoct2017, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10341, CVE-2017-10342, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10380, CVE-2017-10386, CVE-2017-10388, DLA-1187-1, DSA-4015-1, DSA-4048-1, FEDORA-2017-7b17451b82, FEDORA-2017-98a361c2b5, FEDORA-2017-b1492e4844, FEDORA-2017-e7938fd7d7, ibm10718843, JSA10873, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, RHSA-2017:2998-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, RHSA-2017:3264-01, RHSA-2017:3267-01, RHSA-2017:3268-01, RHSA-2017:3392-01, SB10212, SRC-2017-0028, SUSE-SU-2017:2989-1, SUSE-SU-2017:3235-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:0061-1, swg22012279, Synology-SA-17:66, USN-3473-1, USN-3497-1, VIGILANCE-VUL-24161.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-0378

IBM WebSphere Application Server Liberty: information disclosure via Exceptions

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Exceptions of IBM WebSphere Application Server Liberty, in order to obtain sensitive information.
Impacted products: Security Directory Server, WebSphere AS Liberty.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 20/06/2017.
Identifiers: 1981529, 2002049, CVE-2016-0378, VIGILANCE-VUL-23043.

Description of the vulnerability

An attacker can bypass access restrictions to data via Exceptions of IBM WebSphere Application Server Liberty, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-3509 CVE-2017-3511 CVE-2017-3512

Oracle Java: vulnerabilities of April 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Brocade vTM, Debian, Avamar, Fedora, Android OS, AIX, Domino, Notes, IRAD, QRadar SIEM, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 19/04/2017.
Identifiers: 2003016, 2003566, 2004451, 2005052, 2005123, 2005160, 2005255, 2007242, 2007464, 2008210, 500160, BSA-2017-323, BSA-2017-325, BSA-2017-326, BSA-2017-327, BSA-2017-328, BSA-2017-330, BSA-2017-331, CERTFR-2017-AVI-119, cpuapr2017, CVE-2017-3509, CVE-2017-3511, CVE-2017-3512, CVE-2017-3514, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544, DLA-954-1, DSA-3858-1, ESA-2017-058, FEDORA-2017-25358a23ad, FEDORA-2017-9b18f02810, FEDORA-2017-9fbcf033f8, FEDORA-2017-a6a053fc05, NTAP-20170420-0001, openSUSE-SU-2017:1429-1, openSUSE-SU-2017:1507-1, RHSA-2017:1108-01, RHSA-2017:1109-01, RHSA-2017:1117-01, RHSA-2017:1118-01, RHSA-2017:1119-01, RHSA-2017:1204-01, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, SB10200, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1400-1, SUSE-SU-2017:1444-1, SUSE-SU-2017:1445-1, USN-3275-1, USN-3275-2, USN-3275-3, VIGILANCE-VUL-22488.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-2583

Linux kernel: access to protected memory area under KVM

Synthesis of the vulnerability

An attacker process, inside a guest system, can set its stack segment register to 0, in order to get the kernel privileges on the host system.
Impacted products: Debian, Fedora, WebSphere AS Liberty, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 19/01/2017.
Identifiers: 7043863, CERTFR-2017-AVI-042, CERTFR-2017-AVI-050, CERTFR-2017-AVI-053, CERTFR-2017-AVI-058, CERTFR-2017-AVI-060, CERTFR-2018-AVI-408, CVE-2017-2583, DSA-3791-1, FEDORA-2017-18ce368ba3, FEDORA-2017-e6012e74b6, openSUSE-SU-2017:0456-1, openSUSE-SU-2017:0906-1, RHSA-2017:1615-01, RHSA-2017:1616-01, SUSE-SU-2017:0407-1, SUSE-SU-2017:0464-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0575-1, SUSE-SU-2017:1990-1, USN-3208-1, USN-3208-2, USN-3361-1, USN-3754-1, VIGILANCE-VUL-21637.

Description of the vulnerability

The Linux kernel product offers a heavyweight virtualization layer Kernel Virtual Machine.

The machine instruction that set the stack segment register must be emulated by KVM in order to provide separate segment tables to each guest system. However, the case of the segment number 0 is special for the processor and the emulator mishandle it. On a host having an AMD processor, the effect is to give the privilege level of the host kernel to the code of the guest process.

An attacker process, inside a guest system, can therefore set its stack segment register to 0, in order to get the kernel privileges on the host system.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about IBM WebSphere AS Liberty: