CyberSec.Space Logo
Back to CVE Browser

CVE-2011-4889

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile21.90th
PublishedFeb 8, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

Affected Platforms (CPE)

πŸ“¦
Ibm

Websphere Application Server

>= 6.1 and < 6.1.0.43
πŸ“¦
Ibm

Websphere Application Server

>= 7.0 and < 7.0.0.21
πŸ“¦
Ibm

Websphere Application Server

>= 8.0 and < 8.0.0.2

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/72581
πŸ”— https://www-304.ibm.com/support/docview.wss?uid=swg21587015
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/72581
πŸ”— https://www-304.ibm.com/support/docview.wss?uid=swg21587015

Related Vulnerabilities

CVE-2006-242910.0

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and...

CVE-2006-243010.0

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plainte...

CVE-2000-084810.0

Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Hos...

CVE-2006-243310.0

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and...