CVE-2018-1719IBM Websphere Application Server vulnerability

4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 52.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedSep 14
Latest updateMay 13

Description

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_application_server8.5.0.08.5.5.14+1
CVEListV5ibm/websphere_application_server8.5, 9.0+1

🔴Vulnerability Details

2
GHSA
GHSA-9x83-932v-7gvm: IBM WebSphere Application Server 82022-05-13
CVEList
CVE-2018-1719: IBM WebSphere Application Server 82018-09-14

💥Exploits & PoCs

1
Exploit-DB
ILIAS < 5.2.4 - Cross-Site Scripting2018-01-15
CVE-2018-1719 — IBM vulnerability | cvebase