The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of WebSphere AS: privilege escalation via Spoof Connection Information

Synthesis of the vulnerability

An attacker can bypass restrictions in WebSphere AS by spoofing connection information, in order to escalate privileges.
Severity of this computer vulnerability: 2/4.
Creation date: 08/03/2019.
References of this bulletin: CVE-2018-1902, ibm10795115, ibm10876438, ibm10877000, ibm10884082, swg27048591, VIGILANCE-VUL-28690.

Description of the vulnerability

An attacker can bypass restrictions in WebSphere AS by spoofing connection information, in order to escalate privileges.

This bulletin impacts software or systems such as Rational ClearCase, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional.

Our Vigil@nce team determined that the severity of this threat is medium.

The trust level is confirmed by the editor, and the origin is an intranet server.

An attacker with expert ability can exploit this threat.

Solutions for this threat

WebSphere AS Traditional: version 9.0.0.11.
Version 9.0.0.11 is fixed:
  https://www-01.ibm.com/support/docview.wss?uid=ibm10878146

WebSphere AS: patch for Spoof Connection Information.
A patch is indicated in information sources.

IBM Rational ClearCase: solution for CVE-2018-1902.
WebSphere should be updated as indicated in information sources.

IBM Spectrum Protect Client: patch for WebSphere AS.
A patch is indicated in information sources.

IBM Tivoli System Automation Application Manager: solution for WebSphere AS.
The solution is indicated in information sources.