IBM WebSphere Application Server Multiple Vulnerabilities
High Nessus Plugin ID 83290
Synopsis
The remote application server is affected by multiple vulnerabilities.
Description
The IBM WebSphere Application Server running on the remote host is version 184.108.40.206 / 220.127.116.11 / 18.104.22.168 / 22.214.171.124 or prior. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists in the SNMP component due to improper handling of configuration data. An authenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2015-0174)
- An unspecified flaw exists in the Liberty profile due to improper handling of authData elements. An authenticated, remote attacker can exploit this to gain elevated privileges. (CVE-2015-0175)
- An unspecified flaw exists in the Liberty profile that is triggered when the run-as user for EJB is not honored under multi-threaded race conditions. An authenticated, remote attacker can exploit this to gain elevated privileges. (CVE-2015-1882)
- A flaw exists that allows a remote attacker to execute arbitrary code by connecting to a management port using a specific sequence of instructions. (CVE-2015-1920)
Solution
Apply Interim Fix PI38302.