Information Disclosure Vulnerability in IBM WebSphere Application Server Liberty
CVE-2018-1553

5.3MEDIUM

Key Information:

Vendor
IBM
Status
IBM Websphere Application Server Liberty
Vendor
CVE Published:
27 June 2018

Summary

An information disclosure vulnerability exists in IBM WebSphere Application Server Liberty prior to version 18.0.0.2. This issue arises from improper exception handling in the SAML Web Single Sign-On (SSO) feature, potentially allowing a remote attacker to access sensitive information. It's crucial for users to upgrade to the latest version to mitigate this risk.

Affected Version(s)

IBM WebSphere Application Server Liberty = unspecified

References

http://www.securityfocus.com/bid/104585
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/142890
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg22016218
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.