CVE-2010-3186

EPSS 1.9%
Veröffentlicht 30.08.2010 20:00:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Websphere Application Server Version7.0

Ibm ≫ Websphere Application Server Version7.0.0.1

Ibm ≫ Websphere Application Server Version7.0.0.2

Ibm ≫ Websphere Application Server Version7.0.0.3

Ibm ≫ Websphere Application Server Version7.0.0.4

Ibm ≫ Websphere Application Server Version7.0.0.5

Ibm ≫ Websphere Application Server Version7.0.0.6

Ibm ≫ Websphere Application Server Version7.0.0.7

Ibm ≫ Websphere Application Server Version7.0.0.9

Ibm ≫ Websphere Application Server Version7.0.0.10

Ibm ≫ Websphere Application Server Version7.0.0.11

Ibm ≫ Websphere Application Server Version6.1.0.9

Ibm ≫ Websphere Application Server Version6.1.0.10

Ibm ≫ Websphere Application Server Version6.1.0.11

Ibm ≫ Websphere Application Server Version6.1.0.12

Ibm ≫ Websphere Application Server Version6.1.0.13

Ibm ≫ Websphere Application Server Version6.1.0.14

Ibm ≫ Websphere Application Server Version6.1.0.15

Ibm ≫ Websphere Application Server Version6.1.0.16

Ibm ≫ Websphere Application Server Version6.1.0.17

Ibm ≫ Websphere Application Server Version6.1.0.18

Ibm ≫ Websphere Application Server Version6.1.0.19

Ibm ≫ Websphere Application Server Version6.1.0.20

Ibm ≫ Websphere Application Server Version6.1.0.21

Ibm ≫ Websphere Application Server Version6.1.0.22

Ibm ≫ Websphere Application Server Version6.1.0.23

Ibm ≫ Websphere Application Server Version6.1.0.24

Ibm ≫ Websphere Application Server Version6.1.0.25

Ibm ≫ Websphere Application Server Version6.1.0.26

Ibm ≫ Websphere Application Server Version6.1.0.27

Ibm ≫ Websphere Application Server Version6.1.0.29

Ibm ≫ Websphere Application Server Version6.1.0.31

Ibm ≫ Websphere Application Server Version6.1.0.32

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.9%	0.816

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/67570

http://secunia.com/advisories/41173

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PM08360

http://www-01.ibm.com/support/docview.wss?uid=swg1PM16014

http://www-01.ibm.com/support/docview.wss?uid=swg21443736

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24027708

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24027709

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2215

https://exchange.xforce.ibmcloud.com/vulnerabilities/61435

https://nvd.nist.gov/vuln/detail/CVE-2010-3186

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-3186

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-3186

EUVD