CVE-2013-5414
N/A
N/A
Summary
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87476
- http://www-01.ibm.com/support/docview.wss?&uid=swg21651880
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87476
- http://www-01.ibm.com/support/docview.wss?&uid=swg21651880
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.