Severity | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE ID | CVE-2017-1681, CVE-2017-1731 |
CVSSv3 | 5.2 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C], 7.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] |
CWE ID | CWE-200, CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | IBM WebSphere Application Server |
Vulnerable software versions | IBM WebSphere Application Server 8.5.0.0, IBM WebSphere Application Server 8.0.0.0, IBM WebSphere Application Server 7.0.0.0, IBM WebSphere Application Server 9.0.0.0 |
Vendor URL | IBM Corporation |
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the web interface of IBM WebSphere Application Server due to the improper handling of application requests. A local attacker can send a specially crafted request and obtain unauthorized access to read a file.
Install update from vendor's website.

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the Administrative Console. A remote attacker can gain root or system privileges.
Install update from vendor's website.