Web Servers : IBM WebSphere Application Server Multiple Vulnerabilities (swg21647522)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.806834

Category: Web Servers

Title: IBM WebSphere Application Server Multiple Vulnerabilities (swg21647522)

Summary: IBM WebSphere Application Server is prone to multiple; vulnerabilities.

Description: Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An improper checking of the certificate.

- An improper validation of input in the UDDI Administrative console.

Vulnerability Impact:
Successful exploitation will allow remote attacker to monitor
and capture user activity, to traverse directories on the system, to bypass security
restrictions, to hijack a valid user's session, causes denial of service and leads to information
disclosure.

Affected Software/OS:
IBM WebSphere Application Server version 6.1.x prior to
6.1.0.47, 7.0.x prior to 7.0.0.31, 8.0.x prior to 8.0.0.8 and 8.5.x prior to 8.5.5.1.

Solution:
Update to version 6.1.0.47, 7.0.0.31, 8.0.0.8, 8.5.5.1 or
later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4052
AIX APAR: PM91892
http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892
XForce ISS Database: was-cve20134052-xss(86504)
https://exchange.xforce.ibmcloud.com/vulnerabilities/86504
Common Vulnerability Exposure (CVE) ID: CVE-2013-4053
AIX APAR: PM90949
http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949
AIX APAR: PM91521
http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521
XForce ISS Database: was-cve20134053-priv-escalation(86505)
https://exchange.xforce.ibmcloud.com/vulnerabilities/86505

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.806834
Category:	Web Servers
Title:	IBM WebSphere Application Server Multiple Vulnerabilities (swg21647522)
Summary:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Description:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An improper checking of the certificate. - An improper validation of input in the UDDI Administrative console. Vulnerability Impact: Successful exploitation will allow remote attacker to monitor and capture user activity, to traverse directories on the system, to bypass security restrictions, to hijack a valid user's session, causes denial of service and leads to information disclosure. Affected Software/OS: IBM WebSphere Application Server version 6.1.x prior to 6.1.0.47, 7.0.x prior to 7.0.0.31, 8.0.x prior to 8.0.0.8 and 8.5.x prior to 8.5.5.1. Solution: Update to version 6.1.0.47, 7.0.0.31, 8.0.0.8, 8.5.5.1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4052 AIX APAR: PM91892 http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 XForce ISS Database: was-cve20134052-xss(86504) https://exchange.xforce.ibmcloud.com/vulnerabilities/86504 Common Vulnerability Exposure (CVE) ID: CVE-2013-4053 AIX APAR: PM90949 http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949 AIX APAR: PM91521 http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521 XForce ISS Database: was-cve20134053-priv-escalation(86505) https://exchange.xforce.ibmcloud.com/vulnerabilities/86505
Copyright	Copyright (C) 2016 Greenbone AG