PH01752:Possible security exposure in SAML Web SSO (CVE-2018-1793)

Download

Abstract

Possible security exposure in SAML Web SSO (CVE-2018-1793)

Download Description

PH01752 resolves the following problem:

ERROR DESCRIPTION:
Possible security exposure in SAML Web SSO (CVE-2018-1793).

PROBLEM SUMMARY:
Possible security exposure in SAML Web SSO (CVE-2018-1793).

LOCAL FIX:
For each application server profile, if the SAML Web SSO TAI is not configured, but the WebSphereSamlSP.ear is installed, uninstall WebSphereSamlSP.ear.

PROBLEM CONCLUSION:
The SAML ACS application, WebSphereSamlSP.ear, is updated to eliminate the reported security exposure.

When an interim fix for this APAR is installed, the fix will not be active on a profile until the installed SAML Web SSO application, WebSphereSamlSP.ear, is updated from the (WAS_HOME)/installableApps directory.

THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.23-WS-WAS-IFPH01752.pak applies to fix packs 7.0.0.23 through 7.0.0.45.
8.0.0.4-WS-WAS-IFPH01752.zip applies to fix packs 8.0.0.4 through 8.0.0.15.
8.5.5.0-WS-WASProd-IFPH01752.zip applies to fix packs 8.5.5.0 through 8.5.5.14.
9.0.0.0-WS-WASProd-IFPH01752.zip applies to fix packs 9.0.0.0 through 9.0.0.9.

The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.15 and 9.0.0.10. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL	SIZE(Bytes)
V70 Readme	5672
V80 Readme	2617
V85 Readme	2887
V90 Readme	2708

Download Package

DOWNLOAD	RELEASE DATE	SIZE(Bytes)	DOWNLOAD Options What is Fix Central(FC)?
7.0.0.23-WS-WAS-IFPH01752	09-05-2018	10729	FC
8.0.0.4-WS-WAS-IFPH01752	09-05-2018	230070	FC
8.5.5.0-WS-WASProd-IFPH01752	09-05-2018	238828	FC
9.0.0.0-WS-WASProd-IFPH01752	09-05-2018	231727	FC

Problems Solved

PH01752

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF013","label":"Inspur K-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"7.0.0.23;7.0.0.25;7.0.0.27;7.0.0.29;7.0.0.31;7.0.0.33;7.0.0.35;7.0.0.37;7.0.0.39;7.0.0.41;7.0.0.43;7.0.0.45;8.0.0.10;8.0.0.11;8.0.0.12;8.0.0.13;8.0.0.14;8.0.0.15;8.0.0.4;8.0.0.5;8.0.0.6;8.0.0.7;8.0.0.8;8.0.0.9;8.5;8.5.0.1;8.5.0.2;8.5.5;8.5.5.1;8.5.5.10;8.5.5.11;8.5.5.12;8.5.5.13;8.5.5.14;8.5.5.2;8.5.5.3;8.5.5.4;8.5.5.5;8.5.5.6;8.5.5.7;8.5.5.8;8.5.5.9;9.0.0.0;9.0.0.1;9.0.0.2;9.0.0.3;9.0.0.4;9.0.0.5;9.0.0.6;9.0.0.7;9.0.0.8, 9.0.0.9","Edition":"Base,Network Deployment,Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}]

Problems (APARS) fixed
PH01752

Was this topic helpful?

Document Information

Modified date:
05 October 2018

UID

ibm10730545

Tips