Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-1311
ibm
websphere
application server
was
security
vulnerability
cve-2011-1311
nvd
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.8%
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
Affected configurations
Node
ibmwebsphere_application_serverRange≤7.0.0.13
ORibmwebsphere_application_serverMatch2.0
ORibmwebsphere_application_serverMatch3.0
ORibmwebsphere_application_serverMatch3.0.2
ORibmwebsphere_application_serverMatch3.0.2.1
ORibmwebsphere_application_serverMatch3.0.2.2
ORibmwebsphere_application_serverMatch3.0.2.3
ORibmwebsphere_application_serverMatch3.0.2.4
ORibmwebsphere_application_serverMatch3.0.21
ORibmwebsphere_application_serverMatch3.5
ORibmwebsphere_application_serverMatch3.5.1
ORibmwebsphere_application_serverMatch3.5.2
ORibmwebsphere_application_serverMatch3.5.3
ORibmwebsphere_application_serverMatch3.52
ORibmwebsphere_application_serverMatch4.0.1
ORibmwebsphere_application_serverMatch4.0.2
ORibmwebsphere_application_serverMatch4.0.3
ORibmwebsphere_application_serverMatch4.0.4
ORibmwebsphere_application_serverMatch5.0
ORibmwebsphere_application_serverMatch5.0.0
ORibmwebsphere_application_serverMatch5.0.1
ORibmwebsphere_application_serverMatch5.0.2
ORibmwebsphere_application_serverMatch5.0.2.1
ORibmwebsphere_application_serverMatch5.0.2.2
ORibmwebsphere_application_serverMatch5.0.2.3
ORibmwebsphere_application_serverMatch5.0.2.4
ORibmwebsphere_application_serverMatch5.0.2.5
ORibmwebsphere_application_serverMatch5.0.2.6
ORibmwebsphere_application_serverMatch5.0.2.7
ORibmwebsphere_application_serverMatch5.0.2.8
ORibmwebsphere_application_serverMatch5.0.2.9
ORibmwebsphere_application_serverMatch5.0.2.10
ORibmwebsphere_application_serverMatch5.0.2.11
ORibmwebsphere_application_serverMatch5.0.2.12
ORibmwebsphere_application_serverMatch5.0.2.13
ORibmwebsphere_application_serverMatch5.0.2.14
ORibmwebsphere_application_serverMatch5.0.2.15
ORibmwebsphere_application_serverMatch5.0.2.16
ORibmwebsphere_application_serverMatch5.1.0
ORibmwebsphere_application_serverMatch5.1.0.2
ORibmwebsphere_application_serverMatch5.1.0.3
ORibmwebsphere_application_serverMatch5.1.0.4
ORibmwebsphere_application_serverMatch5.1.0.5
ORibmwebsphere_application_serverMatch5.1.1
ORibmwebsphere_application_serverMatch5.1.1.1
ORibmwebsphere_application_serverMatch5.1.1.2
ORibmwebsphere_application_serverMatch5.1.1.3
ORibmwebsphere_application_serverMatch5.1.1.4
ORibmwebsphere_application_serverMatch5.1.1.5
ORibmwebsphere_application_serverMatch5.1.1.6
ORibmwebsphere_application_serverMatch5.1.1.7
ORibmwebsphere_application_serverMatch5.1.1.8
ORibmwebsphere_application_serverMatch5.1.1.9
ORibmwebsphere_application_serverMatch5.1.1.10
ORibmwebsphere_application_serverMatch5.1.1.11
ORibmwebsphere_application_serverMatch5.1.1.12
ORibmwebsphere_application_serverMatch5.1.1.13
ORibmwebsphere_application_serverMatch5.1.1.14
ORibmwebsphere_application_serverMatch5.1.1.15
ORibmwebsphere_application_serverMatch5.1.1.16
ORibmwebsphere_application_serverMatch5.1.1.17
ORibmwebsphere_application_serverMatch6.0
ORibmwebsphere_application_serverMatch6.0.0.1
ORibmwebsphere_application_serverMatch6.0.0.2
ORibmwebsphere_application_serverMatch6.0.0.3
ORibmwebsphere_application_serverMatch6.0.1
ORibmwebsphere_application_serverMatch6.0.1.1
ORibmwebsphere_application_serverMatch6.0.1.2
ORibmwebsphere_application_serverMatch6.0.1.3
ORibmwebsphere_application_serverMatch6.0.1.5
ORibmwebsphere_application_serverMatch6.0.1.7
ORibmwebsphere_application_serverMatch6.0.1.9
ORibmwebsphere_application_serverMatch6.0.1.11
ORibmwebsphere_application_serverMatch6.0.1.13
ORibmwebsphere_application_serverMatch6.0.1.15
ORibmwebsphere_application_serverMatch6.0.1.17
ORibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.2
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.4
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.6
ORibmwebsphere_application_serverMatch6.0.2.7
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.22
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.24
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
ORibmwebsphere_application_serverMatch6.0.2.28
ORibmwebsphere_application_serverMatch6.0.2.29
ORibmwebsphere_application_serverMatch6.0.2.30
ORibmwebsphere_application_serverMatch6.0.2.31
ORibmwebsphere_application_serverMatch6.0.2.32
ORibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.0.25
ORibmwebsphere_application_serverMatch6.1.0.27
ORibmwebsphere_application_serverMatch6.1.0.29
ORibmwebsphere_application_serverMatch6.1.0.31
ORibmwebsphere_application_serverMatch6.1.0.33
ORibmwebsphere_application_serverMatch6.1.1
ORibmwebsphere_application_serverMatch6.1.3
ORibmwebsphere_application_serverMatch6.1.5
ORibmwebsphere_application_serverMatch6.1.6
ORibmwebsphere_application_serverMatch6.1.7
ORibmwebsphere_application_serverMatch6.1.13
ORibmwebsphere_application_serverMatch6.1.14
ORibmwebsphere_application_serverMatch7.0
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.2
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.4
ORibmwebsphere_application_serverMatch7.0.0.5
ORibmwebsphere_application_serverMatch7.0.0.6
ORibmwebsphere_application_serverMatch7.0.0.7
ORibmwebsphere_application_serverMatch7.0.0.8
ORibmwebsphere_application_serverMatch7.0.0.9
ORibmwebsphere_application_serverMatch7.0.0.11
Related
nvd
nvd
CVE-2011-1311
2011-03-08 21:59:34
cvelist
cvelist
CVE-2011-1311
2022-10-03 16:15:11
prion
prion
Design/Logic Flaw
2011-03-08 21:59:00
openvas
openvas
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities (Mar 2011)
2011-03-22 00:00:00
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
2011-03-22 00:00:00
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities
2011-03-10 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.8%
Related for CVE-2011-1311