CVE-2018-1719

Опубликовано: 14 сент. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.

Ссылки

http://www.securitytracker.com/id/1041718
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/147292
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10718837
Vendor Advisory
http://www.securitytracker.com/id/1041718
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/147292
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10718837
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Версия от 8.5.0.0 (включая) до 8.5.5.14 (включая)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Версия от 9.0.0.0 (включая) до 9.0.0.8 (включая)

EPSS

Процентиль: 49%

0.00256

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-9x83-932v-7gvm