Lucene search
HistoryOct 03, 2022 - 4:21 p.m.
CVE-2010-0563
ibm
websphere
application server
sso
cve-2010-0563
vulnerability
nvd
ssl
remote attack
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
64.7%
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
Affected configurations
Node
ibmwebsphere_application_serverMatch7.0
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.5
ORibmwebsphere_application_serverMatch7.0.0.7
ORibmwebsphere_application_serverMatch7.0.0.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 7.0.0.5 | cpe:/a:ibm:websphere_application_server:7.0.0.5::: |
| ibm | websphere_application_server | 7.0.0.1 | cpe:/a:ibm:websphere_application_server:7.0.0.1::: |
| ibm | websphere_application_server | 7.0 | cpe:/a:ibm:websphere_application_server:7.0::: |
| ibm | websphere_application_server | 7.0.0.3 | cpe:/a:ibm:websphere_application_server:7.0.0.3::: |
| ibm | websphere_application_server | 7.0.0.7 | cpe:/a:ibm:websphere_application_server:7.0.0.7::: |
| ibm | websphere_application_server | 7.0.0.8 | cpe:/a:ibm:websphere_application_server:7.0.0.8::: |
Related
nvd
nvd
CVE-2010-0563
2010-02-08 21:30:00
prion
prion
Design/Logic Flaw
2010-02-08 21:30:00
cvelist
cvelist
CVE-2010-0563
2022-10-03 16:21:11
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.002
Percentile
64.7%
Related for CVE-2010-0563