Site icon API Security Blog

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2018-1794)

## Summary

WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

## Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

## Affected Products and Versions

IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.1

## Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager.

Principal Product and Version(s)

|

Affected Supporting Product and Version

|

Affected Supporting Product Security Bulletin

—|—|—

IBM Tivoli System Automation Application Manager 4.1

|

WebSphere Application Server 8.5

|

_[Security Bulletin: Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server (CVE-2018-1794)]()_

## Workarounds and Mitigations

None.

## Get Notified about Future Security Bulletins

Subscribe to [My Notifications]() to be notified of important product support alerts like this.

### References

[Complete CVSS v3 Guide]( “Link resides outside of ibm.com” )
[On-line Calculator v3]( “Link resides outside of ibm.com” )

Off

## Related Information

[IBM Secure Engineering Web Portal]()
[IBM Product Security Incident Response Blog]()

## Acknowledgement

The vulnerability was reported to IBM by Benoit Ct-Jodoin

## Change History

12 November 2018: Original version published.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

## Disclaimer

Review the [IBM security bulletin disclaimer and definitions]() regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{“Business Unit”:{“code”:”BU059″,”label”:”IBM Software w/o TPS”},”Product”:{“code”:”SSPQ7D”,”label”:”Tivoli System Automation Application Manager”},”Component”:”Not Applicable”,”Platform”:[{“code”:”PF002″,”label”:”AIX”},{“code”:”PF016″,”label”:”Linux”}],”Version”:”4.1″,”Edition”:”All Editions”,”Line of Business”:{“code”:”LOB45″,”label”:”Automation”}}]Read More

Exit mobile version