CVE-2018-1621 — Cleartext Storage of Sensitive Info in IBM Websphere Application Server

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

6.7MEDIUMNVD

CNA4.4

EPSS

0.0%

top 94.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedJul 6

Latest updateMay 13

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/websphere_application_server4 versions+3

▶NVDibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-j697-3p87-7xvq: IBM WebSphere Application Server 7↗2022-05-13

▶

CVEList

CVE-2018-1621: IBM WebSphere Application Server 7↗2018-07-06

▶