Code injection

2011-03-0821:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.7%

JSON

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1.0.31
websphere_application_servereq6.1.0.19
websphere_application_servereq6.1.0.2
websphere_application_servereq6.1.0.33
websphere_application_servereq6.1.0.25
websphere_application_servereq6.1.0.11
websphere_application_servereq6.1.0.9
websphere_application_servereq6.1.0.0
websphere_application_servereq6.1.0.1

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1.0.31
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.1.0.33
websphere_application_server	eq	6.1.0.25
websphere_application_server	eq	6.1.0.11
websphere_application_server	eq	6.1.0.9
websphere_application_server	eq	6.1.0.0
websphere_application_server	eq	6.1.0.1