Lucene search

[email protected]CVE-2013-0540

HistoryApr 24, 2013 - 10:28 a.m.

CVE-2013-0540

2013-04-2410:28:00

CWE-287

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

liberty profile

cve-2013-0540

ssl

authentication

cookie validation

9 High

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.5%

JSON

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq8.5.0.0
ibm:websphere_application_serveribm websphere application servereq8.5.0.1

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	8.5.0.0
ibm:websphere_application_server	ibm websphere application server	eq	8.5.0.1

References

www-01.ibm.com/support/docview.wss?&uid=swg21632423

www-01.ibm.com/support/docview.wss?uid=swg1PM81056

exchange.xforce.ibmcloud.com/vulnerabilities/82695

9 High

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for CVE-2013-0540

prion1 openvas1 ibm2 nessus1