Lucene search

[email protected]CVE-2014-6160

HistoryDec 29, 2014 - 2:59 a.m.

CVE-2014-6160

2014-12-2902:59:01

CWE-264

[email protected]

web.nvd.nist.gov

ibm

websphere

wsrr

cve-2014-6160

security vulnerability

access restrictions

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.0%

JSON

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Affected configurations

NVD

Node

ibmwebsphere_service_registry_and_repositoryMatch8.5

AND

googlechromeMatch-

ibmwebsealMatch-

CPENameOperatorVersion
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq8.5

CPE	Name	Operator	Version
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	8.5

References

www-01.ibm.com/support/docview.wss?uid=swg1IV63498

www-01.ibm.com/support/docview.wss?uid=swg21693389

exchange.xforce.ibmcloud.com/vulnerabilities/97709

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for CVE-2014-6160

cvelist1 prion1 nvd1 nessus1 ibm1