Lucene search
HistoryApr 24, 2013 - 10:28 a.m.
CVE-2013-0540
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
44.2%
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.
Affected configurations
Node
ibmwebsphere_application_serverMatch8.5.0.0-liberty_profile
ORibmwebsphere_application_serverMatch8.5.0.1-liberty_profile
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 8.5.0.0 | cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:* |
| ibm | websphere_application_server | 8.5.0.1 | cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:* |
Related
cve
cve
CVE-2013-0540
2013-04-24 10:28:37
prion
prion
Authentication flaw
2013-04-24 10:28:00
cvelist
cvelist
CVE-2013-0540
2013-04-24 10:00:00
openvas
openvas
IBM Websphere Application Server Multiple Vulnerabilities -13 (Jan 2016)
2016-01-20 00:00:00
ibm
ibm
nessus
nessus
IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities
2013-05-10 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
44.2%
Related for NVD:CVE-2013-0540