Vulnerability Name: CVE-2018-1621 (CCN-144346)
Assigned: 2017-12-13
Published: 2018-06-28
Updated: 2019-10-09
Summary: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain a clear text password in a trace file, caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.

CVSS v3 Severity:
6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): High; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): High; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): None; Availability (A): None

CVSS v2 Severity:
2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete; Integrity (I): None; Availability (A): None
Vulnerability Type: CWE-312
Vulnerability Consequences: Obtain Information

References:
Source: MITRE Type: CNA
  CVE-2018-1621
Source: CCN Type: IBM Security Bulletin 0717489 (Spectrum Control Standard Edition)
  Information Disclosure in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2018-1621
Source: CCN Type: IBM Security Bulletin 733094 (WebSphere Application Server in Cloud)
  Multiple security vulnerabilities affect IBM WebSphere Application Server in IBM Cloud (CVE-2018-1614, CVE-2018-1621)
Source: CCN Type: IBM Security Bulletin 734305 (Workload Automation)
  Multiple vulnerabilities in WebSphere application server affect IBM Workload Scheduler
Source: CCN Type: IBM Security Bulletin 2016821 (WebSphere Application Server)
  Information Disclosure in WebSphere Application Server (CVE-2018-1621)
Source: CONFIRM Type: Patch, Vendor Advisory
  http://www.ibm.com/support/docview.wss?uid=swg22016821
Source: SECTRACK Type: Third Party Advisory, VDB Entry
  1041226
Source: XF Type: UNKNOWN
  ibm-websphere-cve20181621-info-disc(144346)
Source: XF Type: VDB Entry, Vendor Advisory
  ibm-websphere-cve20181621-info-disc(144346)
Source: CCN Type: IBM Security Bulletin 0719209 (Emptoris Sourcing)
  Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement (CVE-2018-1621)
Source: CCN Type: IBM Security Bulletin 796180 (Tivoli Monitoring V6)
  Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server

Vulnerable Configuration:
Configuration 1:
  cpe:/a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*
  OR cpe:/a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
  OR cpe:/a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
  OR cpe:/a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*

Configuration CCN 1:
  cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  AND
  cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.2.3.3:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.2.3.4:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.2.3.5:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:*
  OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  OR cpe:/a:ibm:emptoris_sourcing:*:*:*:*:*:*:*:*
ibm websphere application server 7.0.0.0
ibm websphere application server 8.0.0.0
ibm websphere application server 8.5.0.0
ibm websphere application server 9.0.0.0
ibm websphere application server 7.0
ibm websphere application server 8.0
ibm websphere application server 8.5
ibm websphere application server 9.0
ibm tivoli monitoring 6.2.3
ibm tivoli monitoring 6.2.3.1
ibm tivoli monitoring 6.2.3.2
ibm tivoli monitoring 6.2.3.3
ibm tivoli monitoring 6.2.3.4
ibm tivoli monitoring 6.2.3.5
ibm tivoli monitoring 6.3.0.2
ibm tivoli monitoring 6.3.0.3
ibm tivoli monitoring 6.3.0.4
ibm tivoli monitoring 6.3.0.5
ibm tivoli monitoring 6.3.0.6
ibm tivoli monitoring 6.3.0.7
ibm emptoris sourcing *