vulnerability

IBM WebSphere Application Server: CVE-2018-1755: Information disclosure in WebSphere Application Server Liberty (CVE-2018-1755)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Aug 24, 2018	Oct 23, 2018	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Aug 24, 2018

Added

Oct 23, 2018

Modified

Aug 11, 2025

Description

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.

Solutions

ibm-was-install-8-5-ph01295-libertyibm-was-upgrade-8-5-18-0-0-3-liberty

References

CVE-2018-1755
https://attackerkb.com/topics/CVE-2018-1755
CWE-200
IBM-ibm10728689
URL-https://exchange.xforce.ibmcloud.com/vulnerabilities/148597
URL-https://www.ibm.com/support/docview.wss?uid=ibm10728689

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today