Lucene search

[email protected]CVE-2012-3325

HistoryAug 30, 2012 - 10:55 p.m.

CVE-2012-3325

2012-08-3022:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve

ibm

websphere

application server

authentication

vulnerability

nvd

8.6 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.8%

JSON

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.1.0.21
ibm:websphere_application_serveribm websphere application servereq6.1.0.31
ibm:websphere_application_serveribm websphere application servereq6.1.7
ibm:websphere_application_serveribm websphere application servereq6.1
ibm:websphere_application_serveribm websphere application servereq6.1.0.19
ibm:websphere_application_serveribm websphere application servereq6.1.6
ibm:websphere_application_serveribm websphere application servereq6.1.0.2
ibm:websphere_application_serveribm websphere application servereq6.1.0.33
ibm:websphere_application_serveribm websphere application servereq6.1.0.25
ibm:websphere_application_serveribm websphere application servereq6.1.14

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.21
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.31
ibm:websphere_application_server	ibm websphere application server	eq	6.1.7
ibm:websphere_application_server	ibm websphere application server	eq	6.1
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.19
ibm:websphere_application_server	ibm websphere application server	eq	6.1.6
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.33
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.25
ibm:websphere_application_server	ibm websphere application server	eq	6.1.14

Rows per page:

1-10 of 561

References

secunia.com/advisories/54971

secunia.com/advisories/55115

www-01.ibm.com/support/docview.wss?uid=swg1PM71296

www.ibm.com/support/docview.wss?uid=swg21609067

www.securityfocus.com/bid/55309

www.securitytracker.com/id?1027462

exchange.xforce.ibmcloud.com/vulnerabilities/77959

8.6 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for CVE-2012-3325

ibm10 seebug1 prion1 openvas1 nessus4