Lucene search

[email protected]CVE-2012-3311

HistorySep 25, 2012 - 8:55 p.m.

CVE-2012-3311

2012-09-2520:55:01

CWE-264

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

vulnerability

cbind

access restrictions

nvd

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.

Affected configurations

NVD

Node

ibmz\/osMatch-

AND

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.3

ibmwebsphere_application_serverMatch6.1.0.4

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.12

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch6.1.0.23

ibmwebsphere_application_serverMatch6.1.0.25

ibmwebsphere_application_serverMatch6.1.0.27

ibmwebsphere_application_serverMatch6.1.0.29

ibmwebsphere_application_serverMatch6.1.0.31

ibmwebsphere_application_serverMatch6.1.0.33

ibmwebsphere_application_serverMatch6.1.0.35

ibmwebsphere_application_serverMatch6.1.0.37

ibmwebsphere_application_serverMatch6.1.0.39

ibmwebsphere_application_serverMatch6.1.0.41

ibmwebsphere_application_serverMatch6.1.0.43

ibmwebsphere_application_serverMatch7.0.0.1

ibmwebsphere_application_serverMatch7.0.0.2

ibmwebsphere_application_serverMatch7.0.0.3

ibmwebsphere_application_serverMatch7.0.0.4

ibmwebsphere_application_serverMatch7.0.0.5

ibmwebsphere_application_serverMatch7.0.0.6

ibmwebsphere_application_serverMatch7.0.0.7

ibmwebsphere_application_serverMatch7.0.0.8

ibmwebsphere_application_serverMatch7.0.0.9

ibmwebsphere_application_serverMatch7.0.0.10

ibmwebsphere_application_serverMatch7.0.0.11

ibmwebsphere_application_serverMatch7.0.0.13

ibmwebsphere_application_serverMatch7.0.0.14

ibmwebsphere_application_serverMatch7.0.0.15

ibmwebsphere_application_serverMatch7.0.0.16

ibmwebsphere_application_serverMatch7.0.0.17

ibmwebsphere_application_serverMatch7.0.0.19

ibmwebsphere_application_serverMatch7.0.0.21

ibmwebsphere_application_serverMatch7.0.0.23

ibmwebsphere_application_serverMatch8.0.0.0

ibmwebsphere_application_serverMatch8.0.0.1

ibmwebsphere_application_serverMatch8.0.0.2

ibmwebsphere_application_serverMatch8.0.0.3

ibmwebsphere_application_serverMatch8.0.0.4

ibmwebsphere_application_serverMatch8.5.0.0

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.1.0
ibm:websphere_application_serveribm websphere application servereq6.1.0.0
ibm:websphere_application_serveribm websphere application servereq6.1.0.1
ibm:websphere_application_serveribm websphere application servereq6.1.0.2
ibm:websphere_application_serveribm websphere application servereq6.1.0.3
ibm:websphere_application_serveribm websphere application servereq6.1.0.4
ibm:websphere_application_serveribm websphere application servereq6.1.0.5
ibm:websphere_application_serveribm websphere application servereq6.1.0.7
ibm:websphere_application_serveribm websphere application servereq6.1.0.9
ibm:websphere_application_serveribm websphere application servereq6.1.0.11

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.0
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.4
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.5
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.7
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.9
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.11