Backend Server URL Exposure in IBM WebSphere Portal 8.5 and 9.0
CVE-2017-1423

5.3MEDIUM

Key Information:

Vendor

IBM
Status
Websphere Portal
Vendor
CVE Published:
20 December 2017

What is CVE-2017-1423?

IBM WebSphere Portal versions 8.5 and 9.0 contain a vulnerability in which backend server URLs, configured for use by the Web Application Bridge component, are exposed. This exposure could potentially allow unauthorized access or manipulation of sensitive data, leading to significant security risks. It is crucial for users and administrators to be aware of this vulnerability and implement necessary measures to secure their environments.

Affected Version(s)

WebSphere Portal 8.5

WebSphere Portal 9.0

References

https://www.ibm.com/support/docview.wss?uid=swg22011400
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040017
vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/127476
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.