Lucene search

[email protected]CVE-2001-1189

HistoryMar 15, 2002 - 5:00 a.m.

CVE-2001-1189

2002-03-1505:00:00

[email protected]

web.nvd.nist.gov

ibm

websphere application server

password vulnerability

jsp script

cve-2001-1189

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch3.0

ibmwebsphere_application_serverMatch3.0.2

ibmwebsphere_application_serverMatch3.0.2.1

ibmwebsphere_application_serverMatch3.0.2.2

ibmwebsphere_application_serverMatch3.0.2.3

ibmwebsphere_application_serverMatch3.0.2.4

ibmwebsphere_application_serverMatch3.5

ibmwebsphere_application_serverMatch3.5.1

ibmwebsphere_application_serverMatch3.5.2

ibmwebsphere_application_serverMatch3.5.3

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq3.0
ibm:websphere_application_serveribm websphere application servereq3.0.2
ibm:websphere_application_serveribm websphere application servereq3.0.2.1
ibm:websphere_application_serveribm websphere application servereq3.0.2.2
ibm:websphere_application_serveribm websphere application servereq3.0.2.3
ibm:websphere_application_serveribm websphere application servereq3.0.2.4
ibm:websphere_application_serveribm websphere application servereq3.5
ibm:websphere_application_serveribm websphere application servereq3.5.1
ibm:websphere_application_serveribm websphere application servereq3.5.2
ibm:websphere_application_serveribm websphere application servereq3.5.3

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	3.0
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.2
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.3
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.4
ibm:websphere_application_server	ibm websphere application server	eq	3.5
ibm:websphere_application_server	ibm websphere application server	eq	3.5.1
ibm:websphere_application_server	ibm websphere application server	eq	3.5.2
ibm:websphere_application_server	ibm websphere application server	eq	3.5.3

References

www.iss.net/security_center/static/7698.php

www.securityfocus.com/archive/1/245324

www.securityfocus.com/bid/3682

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2001-1189

cvelist1 nvd1