vulnerability

IBM WebSphere Application Server: CVE-2018-1996: Weaker than expected security in WebSphere Application Server with SP800-131 transition mode (CVE-2018-1996)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:P/I:N/A:N)	Feb 19, 2019	Mar 14, 2019	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:N/A:N)

Published

Feb 19, 2019

Added

Mar 14, 2019

Modified

Aug 11, 2025

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 154650.

Solutions

ibm-was-install-7-0-0-0-ph05769ibm-was-install-8-0-0-0-ph05769ibm-was-install-8-5-0-0-ph05769ibm-was-install-9-0-0-0-ph05769ibm-was-upgrade-8-5-0-0-8-5-5-16ibm-was-upgrade-9-0-0-0-9-0-0-11

References

CVE-2018-1996
https://attackerkb.com/topics/CVE-2018-1996
CWE-327
IBM-ibm10793421
URL-https://exchange.xforce.ibmcloud.com/vulnerabilities/154650
URL-https://www.ibm.com/support/docview.wss?uid=ibm10793421

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today