Security Bulletin
Summary
The following security vulnerability exists in all versions of IBM OpenPages with Application Server: See Vulnerability Details for CVE ID.
Vulnerability Details
DESCRIPTION:
Customers who have IBM OpenPages with Application Server are potentially impacted by the following vulnerability.
| CVE ID | DESCRIPTION |
| CVE-2014-2470 CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92417 for more information CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS Security component.
The attack requires network access, no authentication and a low degree of specialized knowledge and techniques. An attack may compromise the confidentiality of information, the availability of the system and the integrity of data. |
Affected Products and Versions
IBM OpenPages with Application Server 6.0 through 7.0.
Remediation/Fixes
A fix has been created that can remediate all affected versions of the named product. Download and install the fix as soon as practical. The fix and installation instructions are available at the URL listed below:
| Patch | Download URL |
| IBM OpenPages with Application Server IF 1 | http://www.ibm.com/support/docview.wss?uid=swg24038065 |
Workarounds and Mitigations
No known workaround, please apply fix.
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21680702