vulnerability

IBM WebSphere Application Server: CVE-2018-1996: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:P/I:N/A:N)	Feb 19, 2019	Mar 14, 2019	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:N/A:N)

Published

Feb 19, 2019

Added

Mar 14, 2019

Modified

Mar 27, 2026

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.

Solutions

ibm-was-install-7-0-0-0-ph05769ibm-was-install-8-0-0-0-ph05769ibm-was-install-8-5-0-0-ph05769ibm-was-install-9-0-0-0-ph05769ibm-was-upgrade-8-5-0-0-8-5-5-16ibm-was-upgrade-9-0-0-0-9-0-0-11

References

CVE-2018-1996
https://attackerkb.com/topics/CVE-2018-1996
CWE-327
EUVD-EUVD-2018-12575
IBM-ibm10793421
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-12575
https://exchange.xforce.ibmcloud.com/vulnerabilities/154650
https://www.ibm.com/support/docview.wss?uid=ibm10793421

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today