Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8890

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2014-8890
Last Modified 18 Dec 2014 02:43:59
Published 18 Dec 2014 11:59:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-8890

Summary

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 8.5.0.0

  • Ibm Websphere Application Server 8.5.0.1

  • Ibm Websphere Application Server 8.5.0.2

  • Ibm Websphere Application Server 8.5.5.0

  • Ibm Websphere Application Server 8.5.5.1

  • Ibm Websphere Application Server 8.5.5.2

  • Ibm Websphere Application Server 8.5.5.3


References

XF - ibm-websphere-cve20148890-priv-escalation(99009)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21690185


Last Updated: 27 May 2016 11:07:20