
Test ID: 1.3.6.1.4.1.25623.1.0.140161
Category: Web Servers
Title: IBM WebSphere Application Server Multiple Vulnerabilities (swg21997743, swg21993797, swg21992315)
Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities.
Description:
Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple vulnerabilities are due to:

- An input validation error in the 'Admin Console' of WebSphere Application Server.

- Allowing serialized objects from untrusted sources to run.

Vulnerability Impact:
Successful exploitation of these vulnerabilities allows users to
embed arbitrary JavaScript code in the Web UI, altering the intended functionality
and potentially leading to credentials disclosure within a trusted session. It can also
lead to a denial of service condition.

Affected Software/OS:
IBM WebSphere Application Server versions 9.0.0.0 through
9.0.0.2, 8.5.0.0 through 8.5.5.11, 8.0.0.0 through 8.0.0.12 and 7.0.0.0 through 7.0.0.41.

Solution:
Update to version 9.0.0.3, 8.5.5.12, 8.0.0.14, 7.0.0.43 or
later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-1121
BugTraq ID: 96164
http://www.securityfocus.com/bid/96164
http://www.securitytracker.com/id/1037806
Common Vulnerability Exposure (CVE) ID: CVE-2016-8919
BugTraq ID: 95650
http://www.securityfocus.com/bid/95650
http://www.securitytracker.com/id/1037710
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.