IBM WebSphere Application Server CVE-2018-1840 Remote Privilege Escalation Vulnerability

Bugtraq ID:	106141
Class:	Design Error
CVE:	CVE-2018-1840
Remote:	Yes
Local:	No
Published:	Nov 29 2018 12:00AM
Updated:	Nov 29 2018 12:00AM
Credit:	IBM
Vulnerable:	IBM Websphere Application Server 8.5.5 IBM Websphere Application Server 9.0.0.9 IBM Websphere Application Server 9.0.0.8 IBM Websphere Application Server 9.0.0.7 IBM Websphere Application Server 9.0.0.6 IBM Websphere Application Server 9.0.0.5 IBM Websphere Application Server 9.0.0.4 IBM Websphere Application Server 9.0.0.3 IBM Websphere Application Server 9.0.0.2 IBM Websphere Application Server 9.0.0.1 IBM Websphere Application Server 9.0.0.0 IBM Websphere Application Server 8.5.5.9 IBM Websphere Application Server 8.5.5.8 IBM Websphere Application Server 8.5.5.7 IBM Websphere Application Server 8.5.5.6 IBM Websphere Application Server 8.5.5.5 IBM Websphere Application Server 8.5.5.4 IBM Websphere Application Server 8.5.5.3 - IBM AIX 4.3 - Linux kernel 2.3 .x - Microsoft Windows NT 4.0 - Sun Solaris 8_sparc IBM Websphere Application Server 8.5.5.2 - IBM AIX 4.3 - Linux kernel 2.3 .x - Microsoft Windows NT 4.0 - Sun Solaris 8_sparc IBM Websphere Application Server 8.5.5.14 IBM Websphere Application Server 8.5.5.13 IBM Websphere Application Server 8.5.5.12 IBM Websphere Application Server 8.5.5.11 IBM Websphere Application Server 8.5.5.10 IBM Websphere Application Server 8.5.5.1 IBM Websphere Application Server 8.5.5.0 IBM Websphere Application Server 8.5.0.2 IBM Websphere Application Server 8.5.0.1 IBM Websphere Application Server 8.5.0.0
Not Vulnerable:	IBM Websphere Application Server 9.0.0.10 IBM Websphere Application Server 8.5.5.15

IBM WebSphere Application Server CVE-2018-1840 Remote Privilege Escalation Vulnerability

IBM WebSphere Application Server is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain elevated privileges on the system.

WebSphere Application Server versions 9.0, 8.5 are vulnerable.