Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1312

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2011-1312
Last Modified 07 Apr 2011 12:00:00
Published 08 Mar 2011 04:59:34
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1312

Summary

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.1.0

  • Ibm Websphere Application Server 6.1.0.0

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.12

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.2

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 6.1.0.23

  • Ibm Websphere Application Server 6.1.0.25

  • Ibm Websphere Application Server 6.1.0.27

  • Ibm Websphere Application Server 6.1.0.29

  • Ibm Websphere Application Server 6.1.0.3

  • Ibm Websphere Application Server 6.1.0.5

  • Ibm Websphere Application Server 6.1.0.7

  • Ibm Websphere Application Server 6.1.0.9

  • Ibm Websphere Application Server 7.0

  • Ibm Websphere Application Server 7.0.0.1

  • Ibm Websphere Application Server 7.0.0.11

  • Ibm Websphere Application Server 7.0.0.13

  • Ibm Websphere Application Server 7.0.0.2

  • Ibm Websphere Application Server 7.0.0.3

  • Ibm Websphere Application Server 7.0.0.4

  • Ibm Websphere Application Server 7.0.0.5

  • Ibm Websphere Application Server 7.0.0.6

  • Ibm Websphere Application Server 7.0.0.7

  • Ibm Websphere Application Server 7.0.0.8

  • Ibm Websphere Application Server 7.0.0.9


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27014463

AIXAPAR - PK88606


Last Updated: 27 May 2016 10:56:16