There is an information disclosure vulnerability in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty is used by IBM MessageSight. IBM MessageSight has addressed the applicable CVE.
CVEID: CVE-2017-1583**
DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132342 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected IBM MessageSight
| Affected Versions
—|—
IBM MessageSight| v1.1 - 1.1.0.1
IBM MessageSight| v1.2 – 1.2.0.3
IBM MessageSight| v2.0 – 2.0.0.2
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT23078| 1.1.0.1-IBM-IMA-IF__IT23384
IBM MessageSight| 1.2| IT23078| 1.2.0.3-IBM-IMA-IFIT23384
IBM MessageSight| 2.0| IT23078| 2.0.0.2-IBM-IMA-IF__IT23078
CPE | Name | Operator | Version |
---|---|---|---|
ibm messagesight | eq | 1.1 | |
ibm messagesight | eq | 1.2 | |
ibm messagesight | eq | 2.0 |