IBM Support

PH01753: Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794)

Download


Abstract

Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794)

Download Description

PH01753 resolves the following problem:

ERROR DESCRIPTION:
Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794)

LOCAL FIX:
For each application server profile, if the OAuth 2.0 client TAI is not configured, but the WebSphereOauth20SP.ear is installed, uninstall WebSphereOauth20SP.ear.

PROBLEM SUMMARY:
Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794).

PROBLEM CONCLUSION:
The OAuth 2.0 client application, WebSphereOauth20SP.ear, is updated to eliminate the reported security exposure.

When an interim fix for this APAR is installed, the fix will not be active on a profile until the installed OAuth 2.0 client application, WebSphereOauth20SP.ear, is updated from the (WAS_HOME)/installableApps directory.

If WebSphereOauth20SP.ear is not installed in a profile, no action is required for that profile after installing the ifix.

THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.25-WS-WAS-IFPH01753.pak applies to fix packs 7.0.0.25 through 7.0.0.45.
8.0.0.5-WS-WAS-IFPH01753.zip applies to fix packs 8.0.0.5 through 8.0.0.15.
8.5.5.0-WS-WASProd-IFPH01753.zip applies to fix packs 8.5.5.0 through 8.5.5.14.
9.0.0.0-WS-WASProd-IFPH01753.zip applies to fix packs 9.0.0.0 through 9.0.0.9.

The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.15 and 9.0.0.10. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

Please download the UpdateInstaller below to install this fix.

URL SIZE(Bytes)
UpdateInstaller 7250000

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V70 Readme 5802
V80 Readme 2914
V85 Readme 2992
V90 Readme 2786

 

Download Package

 

DOWNLOAD RELEASE DATE SIZE(Bytes) DOWNLOAD Options
7.0.0.25-WS-WAS-IFPH01753 09-06-2018 77811 FC
8.0.0.5-WS-WAS-IFPH01753 09-06-2018 360738 FC
8.5.5.0-WS-WASProd-IFPH01753 09-06-2018 304369 FC
9.0.0.0-WS-WASProd-IFPH01753 10-04-2018 297637 FC

 

Problems Solved

PH01753

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

Document Information

Modified date:
05 October 2018

UID

ibm10730635