Main Vulnerability Database Vulnerabilities #VU9681

#VU9681 Information disclosure in WebSphere Portal - CVE-2017-1423

Published: December 16, 2017 / Updated: December 18, 2017

Vulnerability identifier: #VU9681

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-1423

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WebSphere Portal

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in the Web Application Bridge component. A remote attacker can gain access to potentially sensitive information in backend server URLs configured for usage by the Web Application Bridge component.

Remediation

Install update from vendor's website.

External links

http://www-01.ibm.com/support/docview.wss?uid=swg22011400

#VU9681 Information disclosure in WebSphere Portal - CVE-2017-1423

Description

Remediation

External links

Please verify you're human