The WebSphere Application Server Liberty profile could provide weaker than expected security when installing features via the Liberty Repository. A remote attacker could exploit this vulnerability using a man-in-the-middle technique to cause the installation of malicious code.
CVE-ID: CVE-2014-4767
Description: IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
**CVSS Base Score:** 4.3
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94832> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM Rational Application Developer for WebSphere Software 9.1.0.1
Update the product to address this vulnerability:
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Rational Application Developer | 9.1.0.1 | PI122652 | Apply the update for Rational Application Developer for WebSphere Software 9.1.1. |
None