CVE-2018-1957 Information

Description

IBM WebSphere Application Server 9 could allow sensitive information to be available caused by mishandling of data by the application based on an incorrect return by the httpServletRequestauthenticate() API when an unprotected URI is accessed. IBM X-Force ID: 153629.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/106203 https://exchange.xforce.ibmcloud.com/vulnerabilities/153629 https://www.ibm.com/support/docview.wss?uid=ibm10744247

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5