Wednesday, April 3, 2019

IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server OpenID Connect affects IBM Performance Management products

An improper deserialization flaw in IBM WebSphere Application Server OpenID Connect could allow a remote attacker to execute arbitrary code on the system. An attacker could exploit this vulnerability by sending a specially crafted request to the RP (relying party) service.

CVE(s): CVE-2018-1851

Affected product(s) and affected version(s):

IBM Monitoring 8.1.3
IBM Application Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Cloud Application Performance Management, Base Private 8.1.4
IBM Cloud Application Performance Management, Advanced Private 8.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10878867
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/150999

The post IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server OpenID Connect affects IBM Performance Management products appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2Ufp4Iq
