Design/Logic Flaw

2011-01-1201:00:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.0%

JSON

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1.0.31
websphere_application_servereq6.1
websphere_application_servereq6.1.0.19
websphere_application_servereq6.1.0.2
websphere_application_servereq6.1.0.33
websphere_application_servereq6.1.0.25
websphere_application_servereq6.1.0.11
websphere_application_servereq6.1.0.9
websphere_application_servereq6.1.0.0

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1.0.31
websphere_application_server	eq	6.1
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.1.0.33
websphere_application_server	eq	6.1.0.25
websphere_application_server	eq	6.1.0.11
websphere_application_server	eq	6.1.0.9
websphere_application_server	eq	6.1.0.0