Sensitive Information Disclosure in IBM WebSphere Application Server by Local Attackers
CVE-2017-1681

3.3LOW

Key Information:

Vendor
IBM
Status
Liberty For Java For Bluemix
Vendor
CVE Published:
11 January 2018

Summary

IBM WebSphere Application Server, specifically the IBM Liberty for Java for Bluemix version 3.15, is impacted by a vulnerability that permits local attackers to gain unauthorized access to sensitive information. This issue arises from improper handling of application requests, potentially allowing attackers to read confidential files on the system. Organizations using this software must evaluate their installation and implement necessary security measures to mitigate exposure.

Affected Version(s)

Liberty for Java for Bluemix 3.15

References

http://www.ibm.com/support/docview.wss?uid=swg22011863
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040357
vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/134003
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.