CVE-2014-6177

2014-12-2411:59:04

CWE-264

[email protected]

web.nvd.nist.gov

ibm

websphere

service registry

repository

wsrr

security

vulnerability

access control bypass

cve-2014-6177

nvd

5.7 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.5%

JSON

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Affected configurations

NVD

Node

ibmwebsphere_service_registry_and_repositoryMatch7.0.0

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.1

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.2

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.3

ibmwebsphere_service_registry_and_repositoryMatch7.0.0.4

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.0

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.1

ibmwebsphere_service_registry_and_repositoryMatch7.5.0.2

CPENameOperatorVersion
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.0.0
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.0.0.1
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.0.0.2
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.0.0.3
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.0.0.4
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.5.0.0
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.5.0.1
ibm:websphere_service_registry_and_repositoryibm websphere service registry and repositoryeq7.5.0.2

CPE	Name	Operator	Version
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.0.0
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.0.0.1
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.0.0.2
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.0.0.3
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.0.0.4
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.5.0.0
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.5.0.1
ibm:websphere_service_registry_and_repository	ibm websphere service registry and repository	eq	7.5.0.2