IBM WebSphere Service Registry and Repository 7.0 < 7.0.0 FP1 Authentication Bypass

Medium Nessus Plugin ID 70070


The remote host has a web application installed that is affected by an authentication bypass vulnerability.


The version of IBM WebSphere Service Registry and Repository is 7.0 earlier than Fix Pack 1. Such versions are potentially affected by a flaw in the implementation of access controls in the EJB interface. A remote, unauthenticated attacker could exploit this flaw in order to bypass access controls.


Upgrade to IBM WebSphere Service Registry and Repository 7.0.0 Fix Pack 1 or later.

See Also

Plugin Details

Severity: Medium

ID: 70070

File Name: websphere_service_registry_and_repository_7001.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2013/09/23

Modified: 2015/01/20

Dependencies: 70069

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_service_registry_and_repository

Required KB Items: installed_sw/IBM WebSphere Service Registry and Repository

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/11/29

Vulnerability Publication Date: 2010/11/29

Reference Information

CVE: CVE-2010-2644

BID: 45585

OSVDB: 70020