PT-2017-13828 · Ibm · Ibm Websphere Application Server

Publicado

2017-08-03

Atualizado

2019-10-03

CVE-2017-1504

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0.0.4

Description The issue is related to weaker than expected security in IBM WebSphere Application Server after using the PasswordUtil command to enable AES password encryption.

Recommendations For IBM WebSphere Application Server version 9.0.0.4, consider avoiding the use of the PasswordUtil command to enable AES password encryption until a fix is available. As a temporary workaround, review and strengthen password encryption settings to minimize potential security risks.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2017-1504

Produtos afetados

Ibm Websphere Application Server

PT-2017-13828 · Ibm · Ibm Websphere Application Server

CVE-2017-1504

Identificadores relacionados

Produtos afetados

Referências · 5