CVE-2018-1614 — Sensitive Information Exposure in IBM WebSphere Application Server
Severity
NVD: 7.5 HIGH
CNA: 5.8
EPSS
0.3%
top 50.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 26
Latest update: May 13
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6