Design/Logic Flaw

2012-09-2520:55:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.

CPENameOperatorVersion
websphere_application_servereq6.1.0
websphere_application_servereq6.1.0.0
websphere_application_servereq6.1.0.1
websphere_application_servereq6.1.0.2
websphere_application_servereq6.1.0.3
websphere_application_servereq6.1.0.4
websphere_application_servereq6.1.0.5
websphere_application_servereq6.1.0.7
websphere_application_servereq6.1.0.9
websphere_application_servereq6.1.0.11

Name	Operator	Version
websphere_application_server	eq	6.1.0
websphere_application_server	eq	6.1.0.0
websphere_application_server	eq	6.1.0.1
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.1.0.3
websphere_application_server	eq	6.1.0.4
websphere_application_server	eq	6.1.0.5
websphere_application_server	eq	6.1.0.7
websphere_application_server	eq	6.1.0.9
websphere_application_server	eq	6.1.0.11