CVE-2018-1755

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server Liberty (affected versions not specified)

Description The issue is caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC), allowing a remote attacker to obtain sensitive information. This can occur when the Application Server is configured to permit access on non-secure (http) port and is using JASPIC or JSR375 authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.