Design/Logic Flaw

2009-09-2119:30:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1
websphere_application_servereq6.1.0.19
websphere_application_servereq6.1.0.2
websphere_application_servereq6.1.0.25
websphere_application_servereq6.1.0.11
websphere_application_servereq6.1.0.9
websphere_application_servereq6.1.0.1
websphere_application_servereq6.1.0.7
websphere_application_servereq6.1.0.3

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.1.0.25
websphere_application_server	eq	6.1.0.11
websphere_application_server	eq	6.1.0.9
websphere_application_server	eq	6.1.0.1
websphere_application_server	eq	6.1.0.7
websphere_application_server	eq	6.1.0.3