Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.2501
A vulnerability in IBM Websphere Application Server could
affect IBM Cloud App Management
9 July 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Cloud App Management
Publisher: IBM
Operating System: Linux variants
Impact/Access: Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-1902
Reference: ESB-2019.2462
ESB-2019.2459
ESB-2019.0840
ESB-2019.0803
ESB-2019.0742
ESB-2018.0660.10
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=ibm10958231
- --------------------------BEGIN INCLUDED TEXT--------------------
A vulnerability in IBM Websphere Application Server could affect IBM Cloud App
Management
Product: IBM Cloud App Management
Software version: V2018.2.0, V2018.4.0, V2018.4.1, V2019.2.0
Operating system(s): Linux
Reference #: 0958231
Security Bulletin
Summary
There is a vulnerability in IBM Websphere Application Server used by IBM Cloud
App Management. WebSphere Application Server could allow a remote attacker to
spoof connection information which could be used to launch further attacks
against the system. IBM Cloud App Management has addressed the applicable CVE
in a later version.
Vulnerability Details
CVEID: CVE-2018-1902
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to
spoof connection information which could be used to launch further attacks
against the system.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152531 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM Cloud App Management V2018.2.0
IBM Cloud App Management V2018.4.0
IBM Cloud App Management V2018.4.1
IBM Cloud App Management V2019.2.0
Remediation/Fixes
IBM Cloud App Managementwas updated to use a later version of Websphere
Application Server. Install or upgrade to IBM Cloud App Management V2019.2.1 to
address these security vulnerabilities. IBM Cloud App Management V2019.2.1 is
available on IBM Passport Advantage .
Workarounds and Mitigations
None
Change History
3 July 2019: Original version published
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXSQJi2aOgq3Tt24GAQgu2w//f319mg88ndw4mo4P2FdiiG54ArnXrzsJ
UxpY80sIlDaEI18lykiYFXWAurk0aVoMzd975gVZDf5krOcyEX9pr3mm++eubQQX
Lw5vX4NBvhPvYPvEP0TwpupiotnJpPdRsW1atJkzCn9wN0sevTYtVYChav/3v9oe
nXJaSpj+kTTm50cIAjyjPxJMp2gyHZvR84bN5i6XlqTlvfyOmReTu/+UUSQburCM
lPTxQo+6YRMqeQY+8HravjGCrVkOuesdxXiQEE2Ledi4kgMy36RhvZWPQVT1av+j
TdxbdBkRejJ44AXp5jYD7PCzQBk+cMoAvCDu3vEXM4UQ4Ze/YuW+m2rnPXLW00vg
ab4LS+WjxAcI/B5w0ZTO3DyVkeyqvJKlvHFyOsXVLXpk1O7puz+1pT3AZzCyzo+i
Im4QLfeEILB62z7ifLJxW71r9gohTRyBZt1j/IJhZWVi+LU+02u1cZnWImI6JRj1
mXUS0ZMEApkkycifyq5pbgWnLsXOdQD73GRPO7XAzvKfcGTiVVYZ9E9bUuvTpvCC
mqBDDb5gLgsdXNcLOOt13yiEjbuJp1+fK9+nAM6ZEcEOJ1cHgHwKqKjXvpvIBaH9
gpZpIAgYjGk+JkH8iUSsFKETN2zF7633dudCrnAE+7zzNv5Sz9cz51qbXK1XCO7M
u8/CFDSFsX0=
=ouUE
-----END PGP SIGNATURE-----