Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.806892
Category:Web Servers
Title:IBM Websphere Application Server Security Bypass Vulnerability-01 Mar16
Summary:This host is installed with IBM Websphere; application server and is prone to Security Bypass vulnerability.
Description:Summary:
This host is installed with IBM Websphere
application server and is prone to Security Bypass vulnerability.

Vulnerability Insight:
The flaw is due to an improper account creation
with the Virtual Member Manager SPI Admin Task addFileRegistryAccount.

Vulnerability Impact:
Successful exploitation will allow a remote
attacker to bypass security restrictions.

Affected Software/OS:
IBM WebSphere Application Server (WAS)
8.0.0.6 before 8.0.0.10 and 8.5.x before 8.5.5.3.

Solution:
Upgrade to IBM WebSphere Application
Server (WAS) version 8.0.0.10, or 8.5.5.3, or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-Ref: BugTraq ID: 69296
Common Vulnerability Exposure (CVE) ID: CVE-2014-3070
AIX APAR: PI16765
http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765
http://www.securityfocus.com/bid/69296
XForce ISS Database: ibm-websphere-cve20143070-sec-bypass(93777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/93777
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.