CVE-2018-1695 : IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Lo

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.

Published 2018-09-06 14:29:01

Updated 2020-08-24 17:37:01

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2018-1695

IBM » Websphere Application Server » Version: 8.0.0.0
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.5.0
cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.0
cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-1695

Top countries where our scanners detected CVE-2018-1695

Top open port discovered on systems with this issue 9080

IPs affected by CVE-2018-1695 474

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-1695!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-1695

EPSS FAQ

0.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 63 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1695

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
5.6	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L	2.2	3.4	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
7.3	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	3.9	3.4	IBM Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2018-1695

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1695

http://www.securitytracker.com/id/1041643

IBM WebSphere Application Server Form Login Bug Lets Remote Users Spoof Content - SecurityTracker
Third Party Advisory;VDB Entry
https://www-01.ibm.com/support/docview.wss?uid=ibm10716523

IBM Security Bulletin: Potential spoofing attack in WebSphere Application Server (CVE-2018-1695)
Mitigation;Vendor Advisory;Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/145769

IBM WebSphere Application Server spoofing CVE-2018-1695 Vulnerability Report
VDB Entry;Vendor Advisory