| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE ID | CVE-2017-1681 CVE-2017-1731 |
| CVSSv3 |
5.2 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] 7.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] |
| CWE ID |
CWE-200 CWE-264 |
| Exploitation vector | Network |
| Public exploit | Not available |
| Vulnerable software |
IBM WebSphere Application Server |
| Vulnerable software versions |
IBM WebSphere Application Server 8.5.0.0 IBM WebSphere Application Server 8.0.0.0 IBM WebSphere Application Server 7.0.0.0 IBM WebSphere Application Server 9.0.0.0 |
| Vendor URL | IBM Corporation |
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the web interface of IBM WebSphere Application Server
due to the improper handling of application
requests. A local attacker can send a specially crafted request and obtain unauthorized access to read a file.
Install update from vendor's website.
External linksThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the Administrative Console. A remote attacker can gain root or system privileges.
Install update from vendor's website.
External links