CVE-2013-4053

Sažetak

The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.

Reference

http://www.ibm.com/support/docview.wss?uid=swg21647522
http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949
http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521
https://exchange.xforce.ibmcloud.com/vulnerabilities/86505

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

20-09-2013 - 21:55