IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1IV63498 - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21693389 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/97709 - |
Information
Published : 2014-12-29 02:59
Updated : 2024-11-21 02:13
NVD link : CVE-2014-6160
Mitre link : CVE-2014-6160
CVE.ORG link : CVE-2014-6160
JSON object : View
Products Affected
ibm
- webseal
- websphere_service_registry_and_repository
- chrome
CWE
CWE-264
Permissions, Privileges, and Access Controls