CVE-2017-1151 — Corporation Websphere Application Server vulnerability

3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.6%

top 31.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Websphere Application Server IBM Websphere Application Server

Timeline

PublishedMar 20

Latest updateMay 13

Description

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/websphere_application_server4 versions+3

▶CVEListV5ibm_corporation/websphere_application_server4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-c7pj-f83g-rh3v: IBM WebSphere Application Server 8↗2022-05-13

▶

CVEList

CVE-2017-1151: IBM WebSphere Application Server 8↗2017-03-20

▶