Improper access control

2014-12-2411:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.7%

JSON

IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CPENameOperatorVersion
websphere_service_registry_and_repositoryeq7.5.0.1
websphere_service_registry_and_repositoryeq7.0.0.1
websphere_service_registry_and_repositoryeq7.5.0.2
websphere_service_registry_and_repositoryeq7.5.0.0
websphere_service_registry_and_repositoryeq7.0.0.4
websphere_service_registry_and_repositoryeq7.0.0.3
websphere_service_registry_and_repositoryeq7.0.0
websphere_service_registry_and_repositoryeq7.0.0.2

Name	Operator	Version
websphere_service_registry_and_repository	eq	7.5.0.1
websphere_service_registry_and_repository	eq	7.0.0.1
websphere_service_registry_and_repository	eq	7.5.0.2
websphere_service_registry_and_repository	eq	7.5.0.0
websphere_service_registry_and_repository	eq	7.0.0.4
websphere_service_registry_and_repository	eq	7.0.0.3
websphere_service_registry_and_repository	eq	7.0.0
websphere_service_registry_and_repository	eq	7.0.0.2