Main Vulnerability Database Vulnerabilities #VU14520

Information disclosure in IBM WebSphere Application Server Liberty - CVE-2018-1755

Published: August 23, 2018 / Updated: August 24, 2018

Vulnerability identifier: #VU14520

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-1755

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM WebSphere Application Server Liberty

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to the system does not use the proper transport when configured to use Java Authentication SPI for Containers (JASPIC) and to permit access. A remote attacker can use a non-secure (e.g., HTTP) port and JASPIC or JSR375 authentication to gain access to potentially sensitive information.

How to mitigate CVE-2018-1755

Update to version 18.0.0.3.

Sources

http://www-01.ibm.com/support/docview.wss?uid=ibm10728689

Information disclosure in IBM WebSphere Application Server Liberty - CVE-2018-1755

Detailed vulnerability description

How to mitigate CVE-2018-1755

Sources

Please verify you're human