Lucene search
HistoryDec 18, 2014 - 4:59 p.m.
CVE-2014-8890
cve-2014-8890
ibm
websphere
application server
liberty profile
remote attackers
privileges
servlet
security constraints
servletsecurity annotations
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
5.3 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.3%
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet’s deployment descriptor security constraints and ServletSecurity annotations.
Affected configurations
Node
ibmwebsphere_application_serverMatch8.5.0.0
ORibmwebsphere_application_serverMatch8.5.0.1
ORibmwebsphere_application_serverMatch8.5.0.2
ORibmwebsphere_application_serverMatch8.5.5.0
ORibmwebsphere_application_serverMatch8.5.5.1
ORibmwebsphere_application_serverMatch8.5.5.2
ORibmwebsphere_application_serverMatch8.5.5.3
Related
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (CVE-2014-8890)
2022-09-26 03:37:05
cvelist
cvelist
CVE-2014-8890
2014-12-18 16:00:00
nvd
nvd
CVE-2014-8890
2014-12-18 16:59:17
prion
prion
Design/Logic Flaw
2014-12-18 16:59:00
openvas
openvas
nessus
nessus
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
5.3 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.3%
Related for CVE-2014-8890