CVE-2018-1683 — Missing Encryption of Sensitive Data in IBM Websphere Application Server

CWE-311 — Missing Encryption of Sensitive Data5 documents5 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

0.2%

top 61.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedSep 26

Latest updateMay 13

Description

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/websphere_application_server< 18.0.0.3

▶CVEListV5ibm/websphere_application_serverunspecified

🔴Vulnerability Details

GHSA

GHSA-r586-f347-cfhg: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communica↗2022-05-13

▶

CVEList

CVE-2018-1683: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communica↗2018-09-26

▶

💥Exploits & PoCs

Nuclei

PRTG Network Monitor - Local File Inclusion

▶

💬Community

Bugzilla

CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions↗2018-10-18

▶