Low Severity

IBM Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)

Share this post:

There is an information disclosure in the WebSphere Application Server Proxy Server or On-Demand-Router (ODR). This only occurs when the system clock is changed. If the system clock is changed it could cause stale data to be cached and served.

CVE(s): CVE-2017-1381

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0 – you are only affected if you have changed the default value for the custom property cache.query.string to false
  • Version 8.5
  • Version 8.0
  • Version 7.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22004792
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/127152

More stories

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2654

Aug 5, 2020 8:01 pm EDT | Low Severity

IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ is supported by IBM i. IBM i has addressed the applicable CVE. ...read more


Security Bulletin: CVE-2020-2590 may affect IBM® SDK, Java™ Technology Edition

Aug 5, 2020 8:00 pm EDT | Low Severity

CVE-2020-2590 was disclosed as part of the Oracle January 2020 Critical Patch Update. ...read more


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4243)

Aug 4, 2020 8:00 pm EDT | Low Severity

IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The vulnerability concerns session not invalidated after Logout in IBM Security Access Request. ...read more