CVE-2012-3325

Sažetak

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.

Reference

http://secunia.com/advisories/54971
http://secunia.com/advisories/55115
http://www.ibm.com/support/docview.wss?uid=swg21609067
http://www.securityfocus.com/bid/55309
http://www.securitytracker.com/id?1027462
http://www-01.ibm.com/support/docview.wss?uid=swg1PM71296
https://exchange.xforce.ibmcloud.com/vulnerabilities/77959

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:31

Objavljeno

30-08-2012 - 22:55