
Warnings


A Vulnerability in IBM WebSphere Application Server


IBM released a security bulletin and Interim Fix PH03986 to address a vulnerability in IBM WebSphere Application Server that could allow for remote code execution. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

SYSTEMS AFFECTED:

  • IBM WebSphere Application Server 9.0 prior to 9.0.0.10
  • IBM WebSphere Application Server 9.0 prior to 9.0.0.9 (Interim Fix PH04060)
  • IBM WebSphere Application Server 8.5 prior to 8.5.5.15
  • IBM WebSphere Application Server 8.5 prior to 8.5.5.14 (Interim Fix PH04060)
  • IBM WebSphere Application Server 8.0 prior to 8.0.0.15 (Interim Fix PH04060)
  • IBM WebSphere Application Server 7.0 prior to 7.0.0.45 (Interim Fix PH04060)


CERT Bulgaria recommends that users and administrators review the IBM security bulletin and take the following actions:

  • Upgrade to the latest version of IBM WebSphere Application Server immediately, after appropriate testing.
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.
  • Apply the principle of Least Privilege to all systems and services.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

https://www-01.ibm.com/support/docview.wss?uid=swg22016254

IBM reminds users that WebSphere Application Server V7 and V8 are no longer in full support.

IBM recommends upgrading to a fixed, supported version/release/platform of the product.


14/12/2018
