Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix (CVE-2017-1151, CVE-2017-1137, CVE-2017-1194)
  • WebSphere Application Server
  • Sydney
    Germany
    United Kingdom
    US South
  • Description
    There is a potential privilege escalation vulnerability in traditional WebSphere Application Server when you use the OpenID Connect (OIDC) Trust Association Interceptor (TAI). This issue does not affect WebSphere Application Server Liberty. There is a potential for weaker than expected security with the Administrative Console in WebSphere Application Server. There is a potential cross-site request forgery in WebSphere Application Server OAuth service provider.

    A user action is needed to update your WebSphere Application Server service instances in Bluemix.

    For more information, see the security bulletin.