History: Jun 15, 2018 - 7:00 a.m.

Security Bulletin: Potential Security exposure with WebSphere Application Server (CVE-2014-3070)

2018-06-15 07:00:48
www.ibm.com
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.002 Low
Percentile: 64.6%

Summary

There is a potential bypass security vulnerability in WebSphere Application Server Version 8.0 and higher with Virtual Member Manager (VMM).

Vulnerability Details

CVEID: CVE-2014-3070

Description: WebSphere Application Server could allow a remote attacker to bypass security restrictions caused by improper account creation with the Virtual Member Manager SPI Admin Task addFileRegistryAccount.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93777 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

This problem affects WebSphere Application Server Version 8.0, 8.5 and 8.5.5.

Remediation/Fixes

Apply a Fix Pack, PTF or Interim Fix containing PI16765 as determined below:

For IBM WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition:

Download and apply the interim fix APARs below, for your appropriate release:

For V8.5.5.0 through 8.5.5.2:

  • Apply Interim Fix PI16765
    or
  • Apply Fix Pack 8.5.5.3 or later.

For V8.0.0.6 through 8.0.0.9:

  • Apply Interim Fix PI16765
    or
  • Apply Fix Pack 8.0.0.10 or later.
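
The version ranges above can be applied to a server inventory to find hosts that still need PI16765. The following Python is an added example, not part of IBM's bulletin; the host names, the inventory layout and the status labels are assumptions, and an installed interim fix is recognised only by the APAR id appearing in its name.

```python
import re

APAR = "PI16765"  # fix identifier named in the bulletin
# Release stream -> (first fix pack listed as needing the fix, first fixed fix pack)
RANGES = {
    (8, 5, 5): (0, 3),   # V8.5.5.0 through 8.5.5.2; Fix Pack 8.5.5.3 or later
    (8, 0, 0): (6, 10),  # V8.0.0.6 through 8.0.0.9; Fix Pack 8.0.0.10 or later
}
AFFECTED_RELEASES = {(8, 0), (8, 5)}  # "Version 8.0, 8.5 and 8.5.5"


def triage(version, installed_fixes=()):
    """Classify one server for CVE-2014-3070 from its four-part version."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unparseable"
    v, r, mod, fp = map(int, m.groups())
    if (v, r) not in AFFECTED_RELEASES:
        return "not-listed"       # release is not in the affected list
    bounds = RANGES.get((v, r, mod))
    if bounds is None or fp < bounds[0]:
        return "check-bulletin"   # affected release, but no range given above
    if fp >= bounds[1]:
        return "fixed-fixpack"    # fix pack level already contains the fix
    if any(APAR in fix for fix in installed_fixes):
        return "fixed-ifix"       # in range, interim fix reported as installed
    return "needs-fix"


# Constructed inventory: (host, version, installed interim fix ids)
INVENTORY = [
    ("was-app01", "8.5.5.2", []),
    ("was-app02", "8.5.5.2", ["PI16765"]),
    ("was-app03", "8.5.5.3", []),
    ("was-app04", "8.0.0.9", []),
    ("was-app05", "8.0.0.10", []),
    ("was-app06", "8.0.0.3", []),
    ("was-app07", "7.0.0.31", []),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver, fixes) for host, ver, fixes in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as `check-bulletin` run an affected release at a level for which the ranges above give no interim fix, so they need a manual look at the full bulletin.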
