CVE-2001-1189 — IBM Websphere Application Server vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 79.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedDec 13

Latest updateApr 30

Description

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/websphere_application_server10 versions+9

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wp7h-8r27-qf8v: IBM Websphere Application Server 3↗2022-04-30

▶

CVEList

CVE-2001-1189: IBM Websphere Application Server 3↗2002-03-15

▶