CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2011-4889

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1090%
EPSS Percentile21.90th
Published2018年2月8日
Last Modified2024年11月21日

Vulnerability Description

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

Affected Platforms (CPE)

📦
Ibm

Websphere Application Server

>= 6.1 and < 6.1.0.43
📦
Ibm

Websphere Application Server

>= 7.0 and < 7.0.0.21
📦
Ibm

Websphere Application Server

>= 8.0 and < 8.0.0.2

References & Advisories

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/72581
🔗 https://www-304.ibm.com/support/docview.wss?uid=swg21587015
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/72581
🔗 https://www-304.ibm.com/support/docview.wss?uid=swg21587015

相關漏洞威脅

CVE-2006-242910.0

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and...

CVE-2006-243010.0

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plainte...

CVE-2000-084810.0

Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Hos...

CVE-2006-243310.0

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and...