IBM Support

Security Bulletin: Vulnerability in IBM® WebSphere™ Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2018-1901)

Created by Prabha Dinu on
Published URL:
https://www.ibm.com/support/pages/node/878761
878761

Security Bulletin


Summary

IBM® WebSphere™ Application Server and IBM WebSphere Application Server Liberty could allow a remote attacker to temporarily gain elevated privileges on the system. The issue is caused by an incorrect cached value being used.

Vulnerability Details

CVEID: CVE-2018-1901
DESCRIPTION: IBM® WebSphere™ Application Server and IBM WebSphere Application Server Liberty could allow a remote attacker to temporarily gain elevated privileges on the system. The issue is caused by an incorrect cached value being used.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152530 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM SPSS Analytic Server 2.0.0.0
IBM SPSS Analytic Server 2.1.0.0
IBM SPSS Analytic Server 3.0.0.0

Remediation/Fixes

The recommended solutions include upgrading to IBM SPSS Analytic Server 3.2.1, or upgrading your IBM WebSphere Application Server Liberty version as described in the WebSphere Application Server security bulletin.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSWLVY","label":"IBM SPSS Analytic Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Analytic Server","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"2.0;2.1;3.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
27 March 2019

UID

ibm10878761