CVE-2018-1996 — Use of a Broken or Risky Cryptographic Algorithm in IBM Websphere Application Server

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 74.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedFeb 19

Latest updateMay 13

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/websphere_application_server7.0.0.0 — 7.0.0.45+3

▶CVEListV5ibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-mr7v-7fhq-m8f2: IBM WebSphere Application Server 7↗2022-05-13

▶

CVEList

CVE-2018-1996: IBM WebSphere Application Server 7↗2019-02-19

▶