[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-3306

Date: (C)2012-09-25   (M)2017-08-29 


IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
IAVM:2012-B-0082
http://www.ibm.com/support/docview.wss?uid=swg21611313
was-multidomain-password-cache(77478)

CPE    50
cpe:/a:ibm:websphere_application_server:6.1.0.9
cpe:/a:ibm:websphere_application_server:6.1.0.43
cpe:/a:ibm:websphere_application_server:6.1.0.1
cpe:/a:ibm:websphere_application_server:6.1.0.2
...
CWE    1
CWE-255

© 2013 SecPod Technologies