Medium Severity

IBM Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501)

Share this post:

There is a potential security vulnerability in the WebSphere Application Server Admin Console if you have updated the web services security bindings settings. If you changed the cipher suites in the web services security bindings settings they may not have been saved properly and thus be weaker security then you expected. Verify that your settings are what you expect.

CVE(s): CVE-2017-1501

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0
  • Version 8.5
  • Version 8.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22006810
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/129576

More stories

Security Bulletin: IBM Maximo Asset Management is vulnerable to Privilege Escalation (CVE-2019-4530)

Nov 19, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4530 DESCRIPTION:   IBM Maximo Asset Management could allow an authenticated user to delete a record that they should not normally be able to.CVSS Base score: 4.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) ...read more


Security Bulletin: Denial of Service vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2019-4096)

Nov 15, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-4046 DESCRIPTION:   IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242.CVSS Base score: 5.9CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) ...read more


Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony

Nov 14, 2019 7:00 pm EST | Medium Severity

CVEID:   CVE-2019-16335 DESCRIPTION:   A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167205 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID:   CVE-2019-14379 DESCRIPTION:   SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.CVSS Base score: 9.8CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165286 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID:   CVE-2019-14439 DESCRIPTION:   A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.CVSS Base score: 5.3CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164744 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ...read more