There is a potential security bypass vulnerability in WebSphere Application Server Version 8.0 and higher with Virtual Member Manager (VMM).
CVEID: CVE-2014-3070
Description: WebSphere Application Server could allow a remote attacker to bypass security restrictions, caused by improper account creation with the Virtual Member Manager SPI Admin Task addFileRegistryAccount.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93777 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
This problem affects WebSphere Application Server Versions 8.0, 8.5 and 8.5.5.
Apply a Fix Pack, PTF or Interim Fix containing PI16765 as determined below:
**_For IBM WebSphere Application Server and IBM WebSphere Application Server Hypervisor Edition:_**
Download and apply the interim fix APARs below, for your appropriate release:
**For V8.5.5.0 through 8.5.5.2:**
**For V8.0.0.6 through 8.0.0.9:**