Information Disclosure Vulnerability in IBM WebSphere Application Server Liberty
CVE-2018-1553

5.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
27 June 2018

Summary

An information disclosure vulnerability exists in IBM WebSphere Application Server Liberty prior to version 18.0.0.2. This issue arises from improper exception handling in the SAML Web Single Sign-On (SSO) feature, potentially allowing a remote attacker to access sensitive information. It's crucial for users to upgrade to the latest version to mitigate this risk.

Affected Version(s)

IBM WebSphere Application Server Liberty = unspecified

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.