CVE-2012-3325

critical

Description

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/77959

http://www.securitytracker.com/id?1027462

http://www.securityfocus.com/bid/55309

http://www.ibm.com/support/docview.wss?uid=swg21609067

http://www-01.ibm.com/support/docview.wss?uid=swg1PM71296

http://secunia.com/advisories/55115

http://secunia.com/advisories/54971

Details

Source: Mitre, NVD

Published: 2012-08-30

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical