ByteOS Network

NVD Vulnerability Details :

CVE-2017-1731

Analyzed

Source-psirt@us.ibm.com

Published At-30 Jan, 2018 | 18:29

Updated At-03 Oct, 2019 | 00:03

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P

CPE Matches

IBM Corporation

>>websphere_application_server>>Versions from 7.0.0.0(inclusive) to 7.0.0.43(inclusive)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>Versions from 8.0.0.0(inclusive) to 8.0.0.14(inclusive)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>Versions from 8.5.0.0(inclusive) to 8.5.5.13(inclusive)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>Versions from 9.0.0.0(inclusive) to 9.0.0.6(inclusive)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R	psirt@us.ibm.com	Vendor Advisory
http://www.securityfocus.com/bid/102911	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040356	psirt@us.ibm.com	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/134912	psirt@us.ibm.com	VDB Entry Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History