CVE-2017-1731

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
7.0.0.0 ≤
𝑥
≤ 7.0.0.43
ibmwebsphere_application_server
8.0.0.0 ≤
𝑥
≤ 8.0.0.14
ibmwebsphere_application_server
8.5.0.0 ≤
𝑥
≤ 8.5.5.13
ibmwebsphere_application_server
9.0.0.0 ≤
𝑥
≤ 9.0.0.6
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R
http://www.securityfocus.com/bid/102911
http://www.securitytracker.com/id/1040356
https://exchange.xforce.ibmcloud.com/vulnerabilities/134912
http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R
http://www.securityfocus.com/bid/102911
http://www.securitytracker.com/id/1040356
https://exchange.xforce.ibmcloud.com/vulnerabilities/134912