Lucene search
HistorySep 25, 2012 - 8:55 p.m.
CVE-2012-3306
ibm
websphere
application server
cve-2012-3306
nvd
vulnerability
authentication cache
remote attack
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.9%
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors.
Affected configurations
Node
ibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.4
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.0.25
ORibmwebsphere_application_serverMatch6.1.0.27
ORibmwebsphere_application_serverMatch6.1.0.29
ORibmwebsphere_application_serverMatch6.1.0.31
ORibmwebsphere_application_serverMatch6.1.0.33
ORibmwebsphere_application_serverMatch6.1.0.35
ORibmwebsphere_application_serverMatch6.1.0.37
ORibmwebsphere_application_serverMatch6.1.0.39
ORibmwebsphere_application_serverMatch6.1.0.41
ORibmwebsphere_application_serverMatch6.1.0.43
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.2
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.4
ORibmwebsphere_application_serverMatch7.0.0.5
ORibmwebsphere_application_serverMatch7.0.0.6
ORibmwebsphere_application_serverMatch7.0.0.7
ORibmwebsphere_application_serverMatch7.0.0.8
ORibmwebsphere_application_serverMatch7.0.0.9
ORibmwebsphere_application_serverMatch7.0.0.10
ORibmwebsphere_application_serverMatch7.0.0.11
ORibmwebsphere_application_serverMatch7.0.0.13
ORibmwebsphere_application_serverMatch7.0.0.14
ORibmwebsphere_application_serverMatch7.0.0.15
ORibmwebsphere_application_serverMatch7.0.0.16
ORibmwebsphere_application_serverMatch7.0.0.17
ORibmwebsphere_application_serverMatch7.0.0.19
ORibmwebsphere_application_serverMatch7.0.0.21
ORibmwebsphere_application_serverMatch7.0.0.23
ORibmwebsphere_application_serverMatch8.0.0.0
ORibmwebsphere_application_serverMatch8.0.0.1
ORibmwebsphere_application_serverMatch8.0.0.2
ORibmwebsphere_application_serverMatch8.0.0.3
ORibmwebsphere_application_serverMatch8.0.0.4
ORibmwebsphere_application_serverMatch8.5.0.0
Related
cvelist
cvelist
CVE-2012-3306
2012-09-25 20:00:00
nvd
nvd
CVE-2012-3306
2012-09-25 20:55:01
prion
prion
Authentication flaw
2012-09-25 20:55:00
openvas
openvas
IBM Websphere Application Server Multiple Vulnerabilities-02 (Jan 2016)
2016-01-19 00:00:00
nessus
nessus
IBM WebSphere Application Server 8.0 < Fix Pack 5 Multiple Vulnerabilities
2013-01-31 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 25 Multiple Vulnerabilities
2012-10-03 00:00:00
IBM WebSphere Application Server 6.1 < Fix Pack 45 Multiple Vulnerabilities
2012-10-02 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.9%
Related for CVE-2012-3306