SB2019051131 - Exposure of resource to wrong sphere in IBM Tivoli System Automation Application Manager

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019051131

SB2019051131 - Exposure of resource to wrong sphere in IBM Tivoli System Automation Application Manager

Published: May 11, 2019 Updated: September 26, 2023

Security Bulletin ID SB2019051131
CSH Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2018-1840)

The vulnerability allows a remote attacker to elevate privileges on the system.

The vulnerability exists when security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. A remote unauthenticated attacker can trigger the vulnerability and elevate privileges on the system.


Remediation

Install update from vendor's website.

References