IBM Support

PH01753:Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794

Download


Abstract

Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794)

Download Description

PH01753 resolves the following problem:

ERROR DESCRIPTION:
Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794)

LOCAL FIX:
For each application server profile, if the OAuth 2.0 client TAI is not configured, but the WebSphereOauth20SP.ear is installed, uninstall WebSphereOauth20SP.ear.

PROBLEM SUMMARY:
Potential Security Exposure in WebSphere OAuth 2.0 Client (CVE-2018-1794).

PROBLEM CONCLUSION:
The OAuth 2.0 client application, WebSphereOauth20SP.ear, is updated to eliminate the reported security exposure.

When an interim fix for this APAR is installed, the fix will not be active on a profile until the installed OAuth 2.0 client application,  WebSphereOauth20SP.ear, is updated from the (WAS_HOME)/installableApps directory.  

If WebSphereOauth20SP.ear is not installed in a profile, after installing the ifix, no action is required for that profile.

THE FOLLOWING FIXES ARE PROVIDED:
7.0.0.25-WS-WAS-IFPH01753.pak applies to fix packs 7.0.0.25 through 7.0.0.45.
8.0.0.5-WS-WAS-IFPH01753.zip applies to fix packs 8.0.0.5 through 8.0.0.15.
8.5.5.0-WS-WASProd-IFPH01753.zip applies to fix packs 8.5.5.0 through 8.5.5.14.
9.0.0.0-WS-WASProd-IFPH01753.zip applies to fix packs 9.0.0.0 through 9.0.0.9.

The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.15 and 9.0.0.10.  Please refer to the Recommended Updates page for delivery information: 
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

Please download the UpdateInstaller below to install this fix.

URL SIZE(Bytes)
UpdateInstaller 7250000

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V70 Readme 5802
V80 Readme 2914
V85 Readme 2992
V90 Readme 2786

 

Download Package

 

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

7.0.0.25-WS-WAS-IFPH01753 09-06-2018 77811 FC
8.0.0.5-WS-WAS-IFPH01753 09-06-2018 360738 FC
8.5.5.0-WS-WASProd-IFPH01753 09-06-2018 304369 FC
9.0.0.0-WS-WASProd-IFPH01753 10-04-2018 297637 FC

 

Problems Solved

PH01753

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PH01753

Document information

More support for: WebSphere Application Server

Component: General, ">More...

Software version: 7.0.0.25, 7.0.0.27, 7.0.0.29, 7.0.0.31, 7.0.0.33, 7.0.0.35, 7.0.0.37, 7.0.0.39, 7.0.0.41, 7.0.0.43, 7.0.0.45, 8.0.0.5, 8.0.0.6, 8.0.0.7, 8.0.0.8, 8.0.0.9, 8.0.0.10, 8.0.0.11, 8.0.0.12, 8.0.0.13, 8.0.0.14, 8.0.0.15, 8.5, 8.5.0.1, 8.5.0.2, 8.5.5, 8.5.5.1, 8.5.5.2, 8.5.5.3, 8.5.5.4, 8.5.5.5, 8.5.5.6, 8.5.5.7, 8.5.5.8, 8.5.5.9, 8.5.5.10, 8.5.5.11, 8.5.5.12, 8.5.5.13, 8.5.5.14, 9.0.0.0, 9.0.0.1, 9.0.0.2, 9.0.0.3, 9.0.0.4, 9.0.0.5, 9.0.0.6, 9.0.0.7, 9.0.0.8, 9.0.0.9

Operating system(s): AIX, HP-UX, IBM i, Inspur K-UX, Linux, Solaris, Windows, z/OS

Software edition: Base,Network Deployment,Single Server

Reference #: 0730635

Modified date: 05 October 2018


Translate this page: