Detections
Analytics

IBM WebSphere 'ResetPassword' Information Disclosure

low Nessus Network Monitor Plugin ID 2712

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote WebSphere webserver is vulnerable to an information leak. There is a flaw in the default ResetPassword form that would allow a remote attacker to obtain potentially confidential data (such as UserID) within the web server cache. An attacker exploiting this flaw would only need to be able to browse to the affected system and view the confidential data within the form source code.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg21199839

Plugin Details

Severity: Low

ID: 2712

Family: Web Servers

Published: 3/15/2005

Updated: 3/6/2019

Nessus ID: 17337

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

BID: 12812