Web Servers : IBM WebSphere Application Server Security Bypass Vulnerability (swg21681249)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.806892

Categoría: Web Servers

Título: IBM WebSphere Application Server Security Bypass Vulnerability (swg21681249)

Resumen: IBM WebSphere Application Server is prone to a security bypass; vulnerability.

Descripción: Summary:
IBM WebSphere Application Server is prone to a security bypass
vulnerability.

Vulnerability Insight:
The flaw is due to an improper account creation with the
Virtual Member Manager SPI Admin Task addFileRegistryAccount.

Vulnerability Impact:
Successful exploitation will allow a remote attacker to bypass
security restrictions.

Affected Software/OS:
IBM WebSphere Application Server version 8.0.0.6 prior to
8.0.0.10 and 8.5.x prior to 8.5.5.3.

Solution:
Update to version 8.0.0.10, 8.5.5.3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-3070
AIX APAR: PI16765
http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765
BugTraq ID: 69296
http://www.securityfocus.com/bid/69296
XForce ISS Database: ibm-websphere-cve20143070-sec-bypass(93777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/93777

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.806892
Categoría:	Web Servers
Título:	IBM WebSphere Application Server Security Bypass Vulnerability (swg21681249)
Resumen:	IBM WebSphere Application Server is prone to a security bypass; vulnerability.
Descripción:	Summary: IBM WebSphere Application Server is prone to a security bypass vulnerability. Vulnerability Insight: The flaw is due to an improper account creation with the Virtual Member Manager SPI Admin Task addFileRegistryAccount. Vulnerability Impact: Successful exploitation will allow a remote attacker to bypass security restrictions. Affected Software/OS: IBM WebSphere Application Server version 8.0.0.6 prior to 8.0.0.10 and 8.5.x prior to 8.5.5.3. Solution: Update to version 8.0.0.10, 8.5.5.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3070 AIX APAR: PI16765 http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765 BugTraq ID: 69296 http://www.securityfocus.com/bid/69296 XForce ISS Database: ibm-websphere-cve20143070-sec-bypass(93777) https://exchange.xforce.ibmcloud.com/vulnerabilities/93777
Copyright	Copyright (C) 2016 Greenbone AG