Vulnerability Description
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105150Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041558Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/148597VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10728689PatchVendor Advisory
- http://www.securityfocus.com/bid/105150Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041558Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/148597VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10728689PatchVendor Advisory
FAQ
What is CVE-2018-1755?
CVE-2018-1755 is a vulnerability with a CVSS score of 5.9 (MEDIUM). IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication S...
How severe is CVE-2018-1755?
CVE-2018-1755 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1755?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.