Lucene search

IbmCVE-2014-6160

HistoryDec 29, 2014 - 2:59 a.m.

CVE-2014-6160

2014-12-2902:59:01

CWE-264

ibm

web.nvd.nist.gov

ibm

websphere

wsrr

cve-2014-6160

security vulnerability

access restrictions

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

52.9%

JSON

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Affected configurations

Nvd

Node

ibmwebsphere_service_registry_and_repositoryMatch8.5

AND

googlechromeMatch-

ibmwebsealMatch-

VendorProductVersionCPE
ibmwebsphere_service_registry_and_repository8.5cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*
googlechrome-cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*
ibmwebseal-cpe:2.3:a:ibm:webseal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_service_registry_and_repository	8.5	cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.5:::::::*
google	chrome	-	cpe:2.3:a:google:chrome:-:::::::*
ibm	webseal	-	cpe:2.3:a:ibm:webseal:-:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IV63498

www-01.ibm.com/support/docview.wss?uid=swg21693389

exchange.xforce.ibmcloud.com/vulnerabilities/97709

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

52.9%

JSON

Related for CVE-2014-6160