Medium Severity

IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2018-1996)

Share this post:

WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

CVE(s): CVE-2018-1996

Affected product(s) and affected version(s):

Affected Product Name Affected Versions
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.02. V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6, V2.5.0.7, V2.5.0.8, V2.5.0.9, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/960284
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154650

More stories

Security Bulletin: Vulnerabilities in WAS Liberty affect IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center

Nov 20, 2019 11:35 am EST | Medium Severity

There are vulnerabilities in WAS Liberty used by IBM Spectrum LSF Suite, Spectrum LSF Suite for HPA and Spectrum LSF Application Center. Affected product(s) and affected version(s): Spectrum LSF Suite 10.2, Spectrum LSF Suite for HPA 10.2, Spectrum LSF Application Center 10.2 Refer to the following reference URLs for remediation and additional vulnerability details:   ...read more


Security Bulletin: IBM Maximo Asset Management is vulnerable to Privilege Escalation (CVE-2019-4530)

Nov 19, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4530 DESCRIPTION:   IBM Maximo Asset Management could allow an authenticated user to delete a record that they should not normally be able to.CVSS Base score: 4.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) ...read more


Security Bulletin: Denial of Service vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2019-4096)

Nov 15, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4046 DESCRIPTION:   IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.CVSS Base score: 5.9CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) ...read more