IBM Support

PH01752: Possible security exposure in SAML Web SSO (CVE-2018-1793)

Download


Abstract

Possible security exposure in SAML Web SSO (CVE-2018-1793)

Download Description

PH01752 resolves the following problem:

ERROR DESCRIPTION:
Possible security exposure in SAML Web SSO (CVE-2018-1793).

PROBLEM SUMMARY:
Possible security exposure in SAML Web SSO (CVE-2018-1793).

LOCAL FIX: 
For each application server profile, if the SAML Web SSO TAI is not configured, but the WebSphereSamlSP.ear is installed, uninstall WebSphereSamlSP.ear.

PROBLEM CONCLUSION:
The SAML ACS application, WebSphereSamlSP.ear, is updated to eliminate the reported security exposure.

When an interim fix for this APAR is installed, the fix will not be active on a profile until the installed SAML Web SSO application, WebSphereSamlSP.ear, is updated from the (WAS_HOME)/installableApps directory.

THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.23-WS-WAS-IFPH01752.pak applies to fix packs 7.0.0.23 through 7.0.0.45.
8.0.0.4-WS-WAS-IFPH01752.zip applies to fix packs 8.0.0.4 through 8.0.0.15.
8.5.5.0-WS-WASProd-IFPH01752.zip applies to fix packs 8.5.5.0 through 8.5.5.14.
9.0.0.0-WS-WASProd-IFPH01752.zip applies to fix packs 9.0.0.0 through 9.0.0.9.

The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.15 and 9.0.0.10. Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
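
The local fix, the update step and the fix pack ranges above can be combined into one per-profile decision. The Python below is an added example, not IBM code; the installed application name WebSphereSamlSP, the SAML TAI interceptor class name and the profile inventory are assumptions or constructed values that do not come from this page.

```python
# Added example: per-profile triage for APAR PH01752 (not IBM code).
# Interim fixes and the fix pack ranges they apply to, as listed in the advisory.
INTERIM_FIXES = [
    ("7.0.0.23-WS-WAS-IFPH01752.pak", "7.0.0.23", "7.0.0.45"),
    ("8.0.0.4-WS-WAS-IFPH01752.zip", "8.0.0.4", "8.0.0.15"),
    ("8.5.5.0-WS-WASProd-IFPH01752.zip", "8.5.5.0", "8.5.5.14"),
    ("9.0.0.0-WS-WASProd-IFPH01752.zip", "9.0.0.0", "9.0.0.9"),
]
# Assumptions, not stated on the page: the name the EAR is installed under
# and the class name of the SAML trust association interceptor (TAI).
SAML_APP = "WebSphereSamlSP"
SAML_TAI = "com.ibm.ws.security.web.saml.ACSTrustAssociationInterceptor"

def vtuple(version):
    """'8.0.0.15' -> (8, 0, 0, 15); as text, '8.0.0.15' sorts before '8.0.0.4'."""
    return tuple(int(part) for part in version.split("."))

def interim_fix_for(fix_pack):
    """Return the interim fix package covering this fix pack level, or None."""
    level = vtuple(fix_pack)
    for package, low, high in INTERIM_FIXES:
        if vtuple(low) <= level <= vtuple(high):
            return package
    return None

def triage(profile):
    """Decide the action for one profile (keys: fix_pack, apps, interceptors)."""
    if SAML_APP not in profile["apps"]:
        return "no action: %s.ear is not installed" % SAML_APP
    if SAML_TAI not in profile["interceptors"]:
        # Local fix: the ACS application is deployed but SAML Web SSO is unused.
        return "uninstall %s.ear" % SAML_APP
    package = interim_fix_for(profile["fix_pack"])
    if package is None:
        return "no interim fix listed for %s: check the fix pack level" % profile["fix_pack"]
    # The interim fix stays inactive until the deployed EAR is updated.
    return "install %s, then update %s.ear from installableApps" % (package, SAML_APP)

if __name__ == "__main__":
    # Constructed inventory; collect the real values from each profile.
    profiles = [
        {"name": "AppSrv01", "fix_pack": "8.0.0.12", "apps": [SAML_APP], "interceptors": [SAML_TAI]},
        {"name": "AppSrv02", "fix_pack": "9.0.0.7", "apps": [SAML_APP], "interceptors": []},
    ]
    for p in profiles:
        print("%s: %s" % (p["name"], triage(p)))
```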

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL          SIZE(Bytes)
V70 Readme   5672
V80 Readme   2617
V85 Readme   2887
V90 Readme   2708

 

Download Package

 

DOWNLOAD                       RELEASE DATE   SIZE(Bytes)   DOWNLOAD Options
7.0.0.23-WS-WAS-IFPH01752      09-05-2018     10729         FC
8.0.0.4-WS-WAS-IFPH01752       09-05-2018     230070        FC
8.5.5.0-WS-WASProd-IFPH01752   09-05-2018     238828        FC
9.0.0.0-WS-WASProd-IFPH01752   09-05-2018     231727        FC

FC: Fix Central

 

Problems Solved

PH01752

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PH01752

Document information

More support for: WebSphere Application Server

Component: General

Software version: 7.0.0.23, 7.0.0.25, 7.0.0.27, 7.0.0.29, 7.0.0.31, 7.0.0.33, 7.0.0.35, 7.0.0.37, 7.0.0.39, 7.0.0.41, 7.0.0.43, 7.0.0.45, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7, 8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11, 8.0.0.12, 8.0.0.13, 8.0.0.14, 8.0.0.15, 8.5, 8.5.0.1, 8.5.0.2, 8.5.5, 8.5.5.1, 8.5.5.2, 8.5.5.3, 8.5.5.4, 8.5.5.5, 8.5.5.6, 8.5.5.7, 8.5.5.8, 8.5.5.9, 8.5.5.10, 8.5.5.11, 8.5.5.12, 8.5.5.13, 8.5.5.14, 9.0.0.0, 9.0.0.1, 9.0.0.2, 9.0.0.3, 9.0.0.4, 9.0.0.5, 9.0.0.6, 9.0.0.7, 9.0.0.8, 9.0.0.9

Operating system(s): AIX, HP-UX, IBM i, Inspur K-UX, Linux, Solaris, Windows, z/OS

Software edition: Base, Network Deployment, Single Server

Reference #: 0730545

Modified date: 05 October 2018

