CVE-2018-1553 — Sensitive Information Exposure in IBM Websphere Application Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.2%

top 51.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Application Server Liberty

Timeline

PublishedJun 27

Latest updateMay 13

Description

IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow a remote attacker to obtain sensitive information, caused by mishandling of exceptions by the SAML Web SSO feature. IBM X-Force ID: 142890.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/ibm_websphere_application_server_libertyunspecified

▶NVDibm/websphere_application_server< 18.0.0.2

🔴Vulnerability Details

GHSA

GHSA-5mxj-wjg2-cchh: IBM WebSphere Application Server Liberty prior to 18↗2022-05-13

▶

CVEList

CVE-2018-1553: IBM WebSphere Application Server Liberty prior to 18↗2018-06-27

▶