cnvd - cnvd-2018-24632

cnvd-2018-24632

Vulnerability from cnvd

Title

IBM WebSphere Application Server欺骗攻击漏洞

Description

IBM WebSphere Application Server（WAS）是美国IBM公司开发并发行的一款应用服务器产品，它是Java EE和Web服务应用程序的平台，也是IBM WebSphere软件平台的基础。 IBM WAS 7.0版本、8.0版本和8.5.5版本（使用Form Logi和Java SE 6版本）中存在安全漏洞。远程攻击者可利用该漏洞执行欺骗攻击。

Severity

中

Patch Name

IBM WebSphere Application Server欺骗攻击漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www-01.ibm.com/support/docview.wss?uid=ibm10716523

Reference

https://www-01.ibm.com/support/docview.wss?uid=ibm10716523

Impacted products

Name
['IBM WebSphere Application Server（WAS） 7.0', 'IBM WebSphere Application Server（WAS） 8.0', 'IBM WebSphere Application Server（WAS） 8.5.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1695",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1695"
    }
  },
  "description": "IBM WebSphere Application Server\uff08WAS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u5f00\u53d1\u5e76\u53d1\u884c\u7684\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\uff0c\u5b83\u662fJava EE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBM WebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002\n\nIBM WAS 7.0\u7248\u672c\u30018.0\u7248\u672c\u548c8.5.5\u7248\u672c\uff08\u4f7f\u7528Form Logi\u548cJava SE 6\u7248\u672c\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u6b3a\u9a97\u653b\u51fb\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www-01.ibm.com/support/docview.wss?uid=ibm10716523",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24632",
  "openTime": "2018-12-05",
  "patchDescription": "IBM WebSphere Application Server\uff08WAS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u5f00\u53d1\u5e76\u53d1\u884c\u7684\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\uff0c\u5b83\u662fJava EE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBM WebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002\r\n\r\nIBM WAS 7.0\u7248\u672c\u30018.0\u7248\u672c\u548c8.5.5\u7248\u672c\uff08\u4f7f\u7528Form Logi\u548cJava SE 6\u7248\u672c\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u6b3a\u9a97\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM WebSphere Application Server\u6b3a\u9a97\u653b\u51fb\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM WebSphere Application Server\uff08WAS\uff09 7.0",
      "IBM WebSphere Application Server\uff08WAS\uff09 8.0",
      "IBM WebSphere Application Server\uff08WAS\uff09 8.5.5"
    ]
  },
  "referenceLink": "https://www-01.ibm.com/support/docview.wss?uid=ibm10716523",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-12",
  "title": "IBM WebSphere Application Server\u6b3a\u9a97\u653b\u51fb\u6f0f\u6d1e"
}

CVE-2018-1695 (GCVE-0-2018-1695)

Vulnerability from cvelistv5

Published

2018-09-06 14:00

Modified

2024-09-16 19:00

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

CWE

Gain Privileges

Summary

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.

References

URL

Tags

	https://www-01.ibm.com/support/docview.wss?uid=ibm10716523	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/145769	vdb-entry, x_refsource_XF
	http://www.securitytracker.com/id/1041643	vdb-entry, x_refsource_SECTRACK