IBM WebSphere Application Server administrator access Security Bypass Vulnerability
Release date:
Updated on: 2012-09-03
Affected Systems:
IBM Websphere Application Server 8.0.0.4
IBM Websphere Application Server 8.0 2
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 7.0 21
IBM Websphere Application Server 6.1.0.43
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55309
CVE ID: CVE-2012-3325
IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in compliance with open standards.
IBM WebSphere Application Server 6.1.0.43, 7.0.0.21-7.0.0.23, 8.0.0.2-8.0.0.4, and 8.5.0.0 do not correctly verify user credentials, which allows the server to be accessed with administrator privileges. The vulnerability can be successfully exploited only on systems where the PM44303 interim fix or a PM44303 fix pack has been applied.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21609067
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/