PT-2017-13828 · Ibm · Ibm Websphere Application Server

Published

2017-08-03

Updated

2019-10-03

CVE-2017-1504

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0.0.4

Description The issue is related to weaker than expected security in IBM WebSphere Application Server after using the PasswordUtil command to enable AES password encryption.

Recommendations For IBM WebSphere Application Server version 9.0.0.4, consider avoiding the use of the PasswordUtil command to enable AES password encryption until a fix is available. As a temporary workaround, review and strengthen password encryption settings to minimize potential security risks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-1504

Affected Products

Ibm Websphere Application Server

PT-2017-13828 · Ibm · Ibm Websphere Application Server

CVE-2017-1504

Related Identifiers

Affected Products

References · 5