Lucene search

IBM6A24DAB3EABCF3CC03951DD6E55B7684F1D762AD57F7F0D43C365CB60F66B85F

HistorySep 14, 2022 - 3:02 p.m.

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-1777)

2022-09-1415:02:20

www.ibm.com

ibm

websphere

application server

business automation workflow

business process manager

enterprise service bus

cross-site scripting

vulnerability

security bulletin

cve-2018-1777

cumulative fix

upgrading

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

25.3%

JSON

Summary

WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and IBM Business Process Manager Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Potential cross-site scripting vulnerability in the WebSphere Application Server Admin Console (CVE-2018-1777) vulnerability details and information about fixes.

Affected Products and Versions

- IBM Business Automation Workflow V18.0.0.0 through V18.0.0.1

- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03

- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

- IBM Business Process Manager V8.5.5.0

- IBM Business Process Manager V8.5.0.0 through V8.5.0.2

- IBM Business Process Manager V8.0.0.0 through V8.0.1.3

- IBM Business Process Manager V7.5.0.0 through V7.5.1.2

- IBM Business Process Manager Enterprise Service Bus V8.6.0.0

- WebSphere Enterprise Service Bus Registry Edition V7.5.0.0 through V7.5.1.2

- WebSphere Lombardi Edition V7.2.0.0 through V7.2.0.5 (and earlier unsupported releases)

- WebSphere Enterprise Service Bus V7.0.0.0 through V7.0.0.5

- WebSphere Enterprise Service Bus Registry Edition V7.0.0.0 through V7.0.0.5

- WebSphere Enterprise Service Bus V7.5.0.0 through V7.5.1.2

Note that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.

For_ earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmbusiness_automation_workflowMatch18.0.0.0

ibmbusiness_automation_workflowMatch18.0.0.1

ibmbusiness_process_managerMatch8.6.0.

ibmbusiness_process_managerMatch201803

ibmbusiness_process_managerMatch8.6.0.

ibmbusiness_process_managerMatch201712

ibmbusiness_process_managerMatch8.6

ibmbusiness_process_managerMatch8.6.0.express

ibmbusiness_process_managerMatch201803express

ibmbusiness_process_managerMatch8.6.0.express

ibmbusiness_process_managerMatch201712express

ibmbusiness_process_managerMatch8.6express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201706express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201703express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201612express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201609express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201606express

ibmbusiness_process_managerMatch8.5.7express

ibmbusiness_process_managerMatch8.5.6.2express

ibmbusiness_process_managerMatch8.5.6.1express

ibmbusiness_process_managerMatch8.5.6express

ibmbusiness_process_managerMatch8.5.5express

ibmbusiness_process_managerMatch8.5.0.2express

ibmbusiness_process_managerMatch8.5.0.1express

ibmbusiness_process_managerMatch8.5express

ibmbusiness_process_managerMatch8.0.1.3express

ibmbusiness_process_managerMatch8.0.1.2express

ibmbusiness_process_managerMatch8.0.1.1express

ibmbusiness_process_managerMatch8.0.1express

ibmbusiness_process_managerMatch8.0express

ibmbusiness_process_managerMatch7.5.1.2express

ibmbusiness_process_managerMatch7.5.1.1express

ibmbusiness_process_managerMatch7.5.1express

ibmbusiness_process_managerMatch7.5.0.1express

ibmbusiness_process_managerMatch7.5express