Medium Severity

IBM Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)

Share this post:

There is a potential privilege elevation vulnerability in WebSphere Application Server after migration from WebSphere Application Server Version 8 when a security domain is configured to use a federated repository other than global federated repository.

CVE(s): CVE-2018-1840

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0
  • Version 8.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10735767
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150813

More stories

Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406)

May 30, 2020 8:00 pm EDT | Medium Severity

There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. ...read more


Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Spectrum Conductor and IBM Spectrum Conductor with Spark

May 29, 2020 8:00 pm EDT | Medium Severity

There is an unspecified vulnerability (CVE-2019-2949) in IBM® Runtime Environment Java™ Version 8 used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3.0, and IBM Spectrum Conductor with Spark 2.2.1. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0, IBM Spectrum Conductor 2.3, and IBM Spectrum Conductor with Spark 2.2.1 have addressed the applicable CVE. ...read more


Security Bulletin: Vulnerabilities in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2019-18348)

May 29, 2020 8:00 pm EDT | Medium Severity

Vulnerabilities in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2019-18348) ...read more