6

CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version <= 7.0.0.13
IbmWebsphere Application Server Version3.0.2.1
IbmWebsphere Application Server Version3.0.2.2
IbmWebsphere Application Server Version3.0.2.3
IbmWebsphere Application Server Version3.0.2.4
IbmWebsphere Application Server Version3.0.21
IbmWebsphere Application Server Version5.0.2.1
IbmWebsphere Application Server Version5.0.2.2
IbmWebsphere Application Server Version5.0.2.3
IbmWebsphere Application Server Version5.0.2.4
IbmWebsphere Application Server Version5.0.2.5
IbmWebsphere Application Server Version5.0.2.6
IbmWebsphere Application Server Version5.0.2.7
IbmWebsphere Application Server Version5.0.2.8
IbmWebsphere Application Server Version5.0.2.9
IbmWebsphere Application Server Version5.0.2.10
IbmWebsphere Application Server Version5.0.2.11
IbmWebsphere Application Server Version5.0.2.12
IbmWebsphere Application Server Version5.0.2.13
IbmWebsphere Application Server Version5.0.2.14
IbmWebsphere Application Server Version5.0.2.15
IbmWebsphere Application Server Version5.0.2.16
IbmWebsphere Application Server Version5.1.0.2
IbmWebsphere Application Server Version5.1.0.3
IbmWebsphere Application Server Version5.1.0.4
IbmWebsphere Application Server Version5.1.0.5
IbmWebsphere Application Server Version5.1.1.1
IbmWebsphere Application Server Version5.1.1.2
IbmWebsphere Application Server Version5.1.1.3
IbmWebsphere Application Server Version5.1.1.4
IbmWebsphere Application Server Version5.1.1.5
IbmWebsphere Application Server Version5.1.1.6
IbmWebsphere Application Server Version5.1.1.7
IbmWebsphere Application Server Version5.1.1.8
IbmWebsphere Application Server Version5.1.1.9
IbmWebsphere Application Server Version5.1.1.10
IbmWebsphere Application Server Version5.1.1.11
IbmWebsphere Application Server Version5.1.1.12
IbmWebsphere Application Server Version5.1.1.13
IbmWebsphere Application Server Version5.1.1.14
IbmWebsphere Application Server Version5.1.1.15
IbmWebsphere Application Server Version5.1.1.16
IbmWebsphere Application Server Version5.1.1.17
IbmWebsphere Application Server Version6.0.0.1
IbmWebsphere Application Server Version6.0.0.2
IbmWebsphere Application Server Version6.0.0.3
IbmWebsphere Application Server Version6.0.1.1
IbmWebsphere Application Server Version6.0.1.2
IbmWebsphere Application Server Version6.0.1.3
IbmWebsphere Application Server Version6.0.1.5
IbmWebsphere Application Server Version6.0.1.7
IbmWebsphere Application Server Version6.0.1.9
IbmWebsphere Application Server Version6.0.1.11
IbmWebsphere Application Server Version6.0.1.13
IbmWebsphere Application Server Version6.0.1.15
IbmWebsphere Application Server Version6.0.1.17
IbmWebsphere Application Server Version6.0.2.1
IbmWebsphere Application Server Version6.0.2.2
IbmWebsphere Application Server Version6.0.2.3
IbmWebsphere Application Server Version6.0.2.4
IbmWebsphere Application Server Version6.0.2.5
IbmWebsphere Application Server Version6.0.2.6
IbmWebsphere Application Server Version6.0.2.7
IbmWebsphere Application Server Version6.0.2.9
IbmWebsphere Application Server Version6.0.2.11
IbmWebsphere Application Server Version6.0.2.13
IbmWebsphere Application Server Version6.0.2.15
IbmWebsphere Application Server Version6.0.2.17
IbmWebsphere Application Server Version6.0.2.19
IbmWebsphere Application Server Version6.0.2.22
IbmWebsphere Application Server Version6.0.2.23
IbmWebsphere Application Server Version6.0.2.24
IbmWebsphere Application Server Version6.0.2.25
IbmWebsphere Application Server Version6.0.2.27
IbmWebsphere Application Server Version6.0.2.28
IbmWebsphere Application Server Version6.0.2.29
IbmWebsphere Application Server Version6.0.2.30
IbmWebsphere Application Server Version6.0.2.31
IbmWebsphere Application Server Version6.0.2.32
IbmWebsphere Application Server Version6.1.0.0
IbmWebsphere Application Server Version6.1.0.1
IbmWebsphere Application Server Version6.1.0.2
IbmWebsphere Application Server Version6.1.0.3
IbmWebsphere Application Server Version6.1.0.5
IbmWebsphere Application Server Version6.1.0.7
IbmWebsphere Application Server Version6.1.0.9
IbmWebsphere Application Server Version6.1.0.11
IbmWebsphere Application Server Version6.1.0.12
IbmWebsphere Application Server Version6.1.0.15
IbmWebsphere Application Server Version6.1.0.17
IbmWebsphere Application Server Version6.1.0.19
IbmWebsphere Application Server Version6.1.0.21
IbmWebsphere Application Server Version6.1.0.23
IbmWebsphere Application Server Version6.1.0.25
IbmWebsphere Application Server Version6.1.0.27
IbmWebsphere Application Server Version6.1.0.29
IbmWebsphere Application Server Version6.1.0.31
IbmWebsphere Application Server Version6.1.0.33
IbmWebsphere Application Server Version6.1.13
IbmWebsphere Application Server Version6.1.14
IbmWebsphere Application Server Version7.0.0.1
IbmWebsphere Application Server Version7.0.0.2
IbmWebsphere Application Server Version7.0.0.3
IbmWebsphere Application Server Version7.0.0.4
IbmWebsphere Application Server Version7.0.0.5
IbmWebsphere Application Server Version7.0.0.6
IbmWebsphere Application Server Version7.0.0.7
IbmWebsphere Application Server Version7.0.0.8
IbmWebsphere Application Server Version7.0.0.9
IbmWebsphere Application Server Version7.0.0.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.503
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P