History: Feb 05, 2020 - 12:09 a.m.

Security Bulletin: Weaker than expected security with Liberty Repository affecting Rational Application Developer for WebSphere Software (CVE-2014-4767)

2020-02-05 00:09:48
www.ibm.com

EPSS: 0.007

Percentile: 80.2%

Summary

The WebSphere Application Server Liberty profile could provide weaker than expected security when installing features via the Liberty Repository. A remote attacker could exploit this vulnerability using a man-in-the-middle technique to cause the installation of malicious code.

Vulnerability Details

CVE-ID: CVE-2014-4767

Description: IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS Base Score: 4.3

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94832> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Rational Application Developer for WebSphere Software 9.1.0.1

Remediation/Fixes

Update the product to address this vulnerability:

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| Rational Application Developer | 9.1.0.1 | PI122652 | Apply the update for Rational Application Developer for WebSphere Software 9.1.1. |

Workarounds and Mitigations

None
