CVE-2001-0962 — Improper Control of Interaction Frequency in IBM Websphere Application Server

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Commerce Suite

Timeline

PublishedSep 19

Latest updateApr 30

Description

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDibm/websphere_application_server3.5.3

▶NVDibm/websphere_commerce_suite3.1.2, 3.2+1

🔴Vulnerability Details

GHSA

GHSA-cg5f-w52q-xvf6: IBM WebSphere Application Server 3↗2022-04-30

▶

CVEList

CVE-2001-0962: IBM WebSphere Application Server 3↗2002-06-25

▶