Support #9466

SCP ID :##4867##] : IBM WebSphere Application alert!

Added by Zahir Abd Latif over 5 years ago. Updated over 5 years ago.

Status: Closed - End of life cycle
Start date: February 08, 2019
Priority: Normal
Due date:
Assignee: Zahir Abd Latif
% Done: 100%
Category: General
Spent time: -
Target version: -

Description

Hi,
Kindly attend to the request below:

Just got an alert regarding IBM WebSphere Application as below:

Multiple Security Vulnerabilities have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Portal.

Description:

IBM WebSphere Application Server is shipped as a component of IBM WebSphere Portal. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins.

Please consult the security bulletins for IBM WebSphere Application Server published at:

Security Bulletin: Potential Privilege Escalation in WebSphere Application Server Admin Console (CVE-2017-1731)

Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1681)

Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server (CVE-2016-1000031)

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU

Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2017-1741)

Security Bulletin: Denial of Service in Apache CXF used by WebSphere Application Server (CVE-2017-12624)

Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2018-1388)

Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2017-1788)

Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2017-12613)

Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)

Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2017-1743)

Security Bulletin: Multiple vulnerabilities GSKit bundled with IBM HTTP Server

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server April 2018 CPU

Security Bulletin: Information disclosure in WebSphere Application Server with SAML (CVE-2018-1614)

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)

Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)

Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI

Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621)

Security Bulletin: Remote code execution vulnerability in the JSF used by WebSphere Application Server

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU

Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2018-1695)

Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)

Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719)

Security Bulletin: Potential MITM attack in Apache CXF used by WebSphere Application Server (CVE-2018-8039)

Security Bulletin: Cross-site scripting vulnerability in SAML ear in WebSphere Application Server (CVE-2018-1793)

Security Bulletin: Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server (CVE-2018-1794)

Security Bulletin: Multiple security vulnerabilities in GSKit used by Edge Caching proxy of WebSphere Application Server

Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server (CVE-2014-7810)

Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770)

Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777)

Security Bulletin: Cross-site scripting vulnerability in CacheMonitor for WebSphere Application Server (CVE-2018-1767)

Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798)

Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643)

Security Bulletin: Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797)

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2018 CPU

Security Bulletin: Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905)

Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)

Security Bulletin: Potential information disclosure in WebSphere Application Server (CVE-2018-1957)

Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904)

Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901)

Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Control (CVE-2018-1926)

Security Bulletin: Potential denial of service in WebSphere Application Server (CVE-2018-10237)

for vulnerability details and information about fixes.

Affected Version(s):

IBM WebSphere Portal version 7.0, 8.0, 8.5, 9.0

IBM WebSphere Application Server version 7.0, 8.0, 8.5, 9.0

Reference(s):

http://www.ibm.com/support/docview[dot]wss?uid=swg22014121

https://www.auscert.org.au/bulletins/75178

Multiple Security Vulnerabilities have been Identified in IBM WebSphere Application Server Shipped with IBM Campaign and IBM Opportunity Detect

Description:

IBM WebSphere Application Server is shipped as a component of IBM Campaign and IBM Opportunity Detect. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in security bulletins.

Vulnerability Details:

Please consult the security bulletins for IBM WebSphere Application Server published at

Security Bulletin: Potential Privilege Escalation with WebSphere Application Server Admin Console (CVE-2017-1731)

Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2017-1741)

Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2017-1743)

Security Bulletin: Cross-site scripting vulnerability in Installation Verification Tool of WebSphere Application Server (CVE-2018-1643)

Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)

Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621)

Security Bulletin: Information disclosure in WebSphere Application Server with SAML (CVE-2018-1614)

Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2018-1695)

Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2018-1719)

Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console (CVE-2018-1770)

Security Bulletin: Cross-site scripting vulnerability in SAML ear in WebSphere Application Server (CVE-2018-1793)

Security Bulletin: Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server (CVE-2018-1794)

Security Bulletin: Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777)

Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798)

Security Bulletin: Potential directory traversal vulnerability in WebSphere Application Server (CVE-2018-1797)

Security Bulletin: Potential Remote code execution vulnerability in WebSphere Application Server (CVE-2018-1904)

Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)

Security Bulletin: Potential Privilege Escalation Vulnerability in WebSphere Application Server (CVE-2018-1901)

Security Bulletin: Potential cross-site request forgery in WebSphere Application Server Admin Console (CVE-2018-1926)

Security Bulletin: Potential denial of service in WebSphere Application Server (CVE-2018-10237)

for vulnerability details and information about fixes.

Affected Version(s):

IBM Campaign and IBM Opportunity Detect 9.1.0, 9.1.2, 10.1, 11.0

IBM WebSphere Application Server version 7.0, 8.0, 8.5, 9.0

Reference(s):

http://www.ibm.com/support/docview[dot]wss?uid=ibm10795183

https://www.auscert.org.au/bulletins/75182
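The two advisories above name largely the same bulletins, so the first triage step is to merge them into one de-duplicated work list and rank it by the vulnerability class each title announces. This is an added example, not part of the ticket or of IBM's bulletins; the embedded titles are a subset copied from the lists above, and the class labels are inferred only from the wording of the titles, not from the bulletins' content.

```python
import re
# Bulletin titles copied from the two advisories quoted in this ticket (subsets).
PORTAL_BULLETINS = [
    "Potential Privilege Escalation in WebSphere Application Server Admin Console (CVE-2017-1731)",
    "Information disclosure in IBM HTTP Server (CVE-2018-1388)",
    "Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)",
    "Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)",
    "Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server (CVE-2018-1794)",
    "Multiple Vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2018 CPU",
]
CAMPAIGN_BULLETINS = [
    "Potential Privilege Escalation with WebSphere Application Server Admin Console (CVE-2017-1731)",
    "Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)",
    "Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server (CVE-2018-1794)",
    "Potential denial of service in WebSphere Application Server (CVE-2018-10237)",
]
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Ordered from most to least urgent; the first matching keyword wins.
CLASSES = [
    ("code execution", ("code execution",)),
    ("privilege escalation", ("privilege escalation",)),
    ("xss/csrf", ("cross-site",)),
    ("denial of service", ("denial of service",)),
    ("information disclosure", ("information disclosure",)),
]

def extract_cves(titles):
    """Return the set of CVE identifiers named in a list of bulletin titles."""
    return {cve for t in titles for cve in CVE_RE.findall(t)}

def classify(title):
    """Bucket a bulletin by the vulnerability class its title announces."""
    lowered = title.lower()
    for label, keywords in CLASSES:
        if any(k in lowered for k in keywords):
            return label
    return "other"

def triage(*bulletin_lists):
    """Merge several advisories into one work list keyed by CVE.

    Returns (work, no_cve): work maps each CVE to its class and the number of
    advisories that name it; no_cve counts bulletins with no CVE in the title
    (e.g. the quarterly Java SDK CPUs), which must be looked up by hand.
    """
    work, no_cve = {}, 0
    for titles in bulletin_lists:
        for t in titles:
            cves = CVE_RE.findall(t)
            if not cves:
                no_cve += 1
            for cve in cves:
                entry = work.setdefault(cve, {"class": classify(t), "sources": 0})
                entry["sources"] += 1
    return work, no_cve
```

A CVE with `sources` equal to the number of advisories affects every product in the alert, so it belongs at the top of the list regardless of class.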

History

#1 Updated by Zahir Abd Latif over 5 years ago

  • Status changed from New - Begin Life Cycle to Closed - End of life cycle
  • Assignee changed from Ahmad Hazri to Zahir Abd Latif
  • % Done changed from 0 to 100

Hazri, Feb 8, 2019 06:27 PM:

Hi Ila
As discussed previously, Fix Pack 45 is the last fixpack of WebSphere Application Server V7.0. There will be no further fixpacks for this release as it is reaching its EOS (end of service) on Apr 30, 2018.

But upon searching Fix Central, I found the interim fix based on the vulnerabilities you listed.
You may click on the link below, then download and apply it (test on staging as usual):

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Application+Server&release=7.0.0.45&platform=Windows+64-bit,+x86&function=all

Steps:
1. Download and install the fix installer - http://www.ibm.com/support/docview.wss?rs=180&uid=swg21205991
2. Download and install the fix using the installer above.
3. Please use the same guide as for installing the fix pack.

Issue closed in SCP.
