Design/Logic Flaw

2011-03-0821:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.8%

JSON

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

CPENameOperatorVersion
websphere_application_servereq5.0.0
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1.0.31
websphere_application_servereq3.0.21
websphere_application_servereq6.1.7
websphere_application_servereq5.1.0.5
websphere_application_servereq6.1
websphere_application_servereq7.0.0.2
websphere_application_servereq5.0.2.10
websphere_application_servereq5.1.1.14

Name	Operator	Version
websphere_application_server	eq	5.0.0
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1.0.31
websphere_application_server	eq	3.0.21
websphere_application_server	eq	6.1.7
websphere_application_server	eq	5.1.0.5
websphere_application_server	eq	6.1
websphere_application_server	eq	7.0.0.2
websphere_application_server	eq	5.0.2.10
websphere_application_server	eq	5.1.1.14