5

CVE-2010-0563

The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/38425
Vendor Advisory
http://securitytracker.com/id?1023551
http://www-01.ibm.com/support/docview.wss?uid=swg21417839
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PM00610
http://www.osvdb.org/62140
http://www.securityfocus.com/bid/38122