| Vulnerability Name: | CVE-2017-1381 (CCN-127152) | ||||||||||||
| Assigned: | 2016-11-30 | ||||||||||||
| Published: | 2017-07-18 | ||||||||||||
| Updated: | 2019-05-03 | ||||||||||||
| Summary: | IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. | ||||||||||||
| CVSS v3 Severity: | 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) 2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
2.6 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-1381 Source: CCN Type: IBM Security Bulletin 2004792 (WebSphere Application Server) Information disclosure in WebSphere Application Server (CVE-2017-1381) Source: CONFIRM Type: Patch, Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg22004792 Source: CCN Type: IBM Security Bulletin 2007446 (Tivoli Netcool Configuration Manager) Information disclosure in WebSphere Application Server (CVE-2017-1381) may affect IBM Tivoli Netcool Configuration Manager (ITNCM) Source: CCN Type: IBM Security Bulletin 2009348 (Spectrum Protect for Workstations) Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manger FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381) Source: CCN Type: IBM Security Bulletin 2010172 (WebSphere Application Server for Bluemix) Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix Source: BID Type: Third Party Advisory, VDB Entry 99917 Source: CCN Type: BID-99917 IBM WebSphere Application Server CVE-2017-1381 Local Information Disclosure Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1038985 Source: MISC Type: VDB Entry, Vendor Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/127152 Source: XF Type: UNKNOWN ibm-websphere-cve20171381-info-disc(127152) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||