Professional Documents
Culture Documents
Software Affected
Overview
Multiple vulnerabilities have been reported in IBM Websphere Portal which could allow a remote attacker to obtain sensitive
information of the affected system.
Description
This vulnerability exists in the Web Application Bridge component of IBM WebSphere Portal due to exposing of backend server
URLs which are configured to be used by the Web Application Bridge component. A remote attacker could exploit this
vulnerability to obtain sensitive information from the affected system.
Successful exploitation could allow the attacker to conduct further attacks.
This vulnerability exists in IBM Websphere Portal due to a condition that exists from an error message which returned from the
affected system. A remote attacker could exploit this vulnerability by sending malicious requests that triggers an error message.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the affected system.
This could be leveraged to conduct further attacks.
Solution
http://www-01.ibm.com/support/docview.wss?uid=swg22011519
Vendor Information
IBM
http://www-01.ibm.com/support/docview.wss?uid=swg22011400
http://www-01.ibm.com/support/docview.wss?uid=swg22011519
References
IBM
http://www-01.ibm.com/support/docview.wss?uid=swg22011400
http://www-01.ibm.com/support/docview.wss?uid=swg22011519
Security Tracker
http://securitytracker.com/id/1040017
https://securitytracker.com/id/1040043
Cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=56285
1/2
04/01/2018 CERT-In Vulnerability Notes
https://tools.cisco.com/security/center/viewAlert.x?alertId=56323
CVE Name
CVE-2017-1423
CVE-2017-1698
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
2/2