| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM WebSphere Application Server Traditional
WebSphere AS: privilege escalation via Spoof Connection Information
Synthesis of the vulnerability
An attacker can bypass restrictions via Spoof Connection Information of WebSphere AS, in order to escalate his privileges.
Impacted products: Rational ClearCase, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet server.
Creation date: 08/03/2019.
Identifiers: CVE-2018-1902, ibm10795115, ibm10876438, ibm10877000, swg27048591, VIGILANCE-VUL-28690.
Description of the vulnerability
An attacker can bypass restrictions via Spoof Connection Information of WebSphere AS, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
IBM Java: privilege escalation via RPATH
Synthesis of the vulnerability
An attacker can bypass restrictions via RPATH of IBM Java, in order to escalate his privileges.
Impacted products: AIX, IBM i, Security Directory Server, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 06/03/2019.
Identifiers: CVE-2018-1890, ibm10873042, ibm10875554, ibm10878234, ibm10878236, ibm10878376, ibm10883400, SUSE-SU-2019:0617-1, VIGILANCE-VUL-28666.
Description of the vulnerability
An attacker can bypass restrictions via RPATH of IBM Java, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: Cross Site Scripting via Admin Console
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Admin Console of WebSphere AS, in order to run JavaScript code in the context of the web site.
Impacted products: Rational ClearCase, Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/03/2019.
Identifiers: CVE-2019-4030, ibm10869406, ibm10876436, ibm10876986, swg27048591, VIGILANCE-VUL-28651.
Description of the vulnerability
The WebSphere AS product offers a web service.
However, it does not filter received data via Admin Console before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Admin Console of WebSphere AS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: information disclosure via TLS Configuration
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via TLS Configuration of WebSphere AS, in order to obtain sensitive information.
Impacted products: Rational ClearCase, Security Directory Server, Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 20/02/2019.
Identifiers: 154650, CVE-2018-1996, ibm10793421, ibm10874404, ibm10876442, ibm10878821, swg27048591, VIGILANCE-VUL-28559.
Description of the vulnerability
An attacker can bypass access restrictions to data via TLS Configuration of WebSphere AS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: Cross Site Request Forgery via Admin Console
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery via Admin Console of WebSphere AS, in order to force the victim to perform operations.
Impacted products: Rational ClearCase, Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 11/12/2018.
Identifiers: CVE-2018-1926, ibm10742301, ibm10791781, ibm10793329, VIGILANCE-VUL-27995.
Description of the vulnerability
The WebSphere AS product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery via Admin Console of WebSphere AS, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: privilege escalation via Cached Value
Synthesis of the vulnerability
An attacker can bypass restrictions via Cached Value of WebSphere AS, in order to escalate his privileges.
Impacted products: Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 11/12/2018.
Identifiers: CVE-2018-1901, ibm10738727, ibm10793335, VIGILANCE-VUL-27994.
Description of the vulnerability
An attacker can bypass restrictions via Cached Value of WebSphere AS, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: information disclosure via httpServletRequest-authenticate
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via httpServletRequest::authenticate() of WebSphere AS, in order to obtain sensitive information.
Impacted products: Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 07/12/2018.
Identifiers: CERTFR-2018-AVI-589, CVE-2018-1957, ibm10744247, ibm10793327, VIGILANCE-VUL-27982.
Description of the vulnerability
An attacker can bypass access restrictions to data via httpServletRequest::authenticate() of WebSphere AS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: external XML entity injection
Synthesis of the vulnerability
An attacker can transmit malicious XML data to WebSphere AS, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Rational ClearCase, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 21/11/2018.
Identifiers: CVE-2018-1905, ibm10738721, ibm10744257, VIGILANCE-VUL-27842.
Description of the vulnerability
An attacker can transmit malicious XML data to WebSphere AS, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: directory traversal via EBA
Synthesis of the vulnerability
An attacker can traverse directories via EBA of WebSphere AS, in order to create a file outside the service root path.
Impacted products: Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 15/11/2018.
Identifiers: CVE-2018-1797, ibm10730699, ibm10743907, VIGILANCE-VUL-27795.
Description of the vulnerability
An attacker can traverse directories via EBA of WebSphere AS, in order to create a file outside the service root path.
Full Vigil@nce bulletin... (Free trial) |
WebSphere AS: Cross Site Scripting via Installation Verification Tool
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Installation Verification Tool of WebSphere AS, in order to run JavaScript code in the context of the web site.
Impacted products: Rational ClearCase, Security Directory Server, Tivoli System Automation, WebSphere AS Traditional.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 12/11/2018.
Identifiers: CERTFR-2018-AVI-539, CERTFR-2018-AVI-544, CVE-2018-1643, ibm10716857, ibm10743909, ibm10794423, ibm10869322, VIGILANCE-VUL-27759.
Description of the vulnerability
The WebSphere AS product offers a web service.
However, it does not filter received data via Installation Verification Tool before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Installation Verification Tool of WebSphere AS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM WebSphere Application Server Traditional:
|