CVE-2017-1731

moderate-risk
Published 2018-01-30

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Ibm

References (8)

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQ...
Third Party Advisory http://www.securityfocus.com/bid/102911
Third Party Advisory http://www.securitytracker.com/id/1040356
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/134912
Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQ...
Third Party Advisory http://www.securityfocus.com/bid/102911
Third Party Advisory http://www.securitytracker.com/id/1040356
VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/134912
40
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal