CVE-2013-0540

LOW

Description

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

References

http://www-01.ibm.com/support/docview.wss?&uid=swg21632423

http://www-01.ibm.com/support/docview.wss?uid=swg1PM81056

https://exchange.xforce.ibmcloud.com/vulnerabilities/82695

Details

Source: MITRE

Published: 2013-04-24

Updated: 2017-08-29

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW