CVE-2003-1447 — IBM Websphere Application Server vulnerability

CWE-3104 documents4 sources
Severity
1.9LOWNVD
EPSS
0.0%
top 88.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedDec 31
Latest updateApr 29

Description

IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2753-chm6-qr3j: IBM WebSphere Advanced Server Edition 4↗2022-04-29
â–¶
CVEList
CVE-2003-1447: IBM WebSphere Advanced Server Edition 4↗2007-10-23
â–¶

📋Vendor Advisories

1
Red Hat
bind: implement source UDP port randomization (CERT VU#800113)↗2008-07-08
â–¶
CVE-2003-1447 — IBM vulnerability | cvebase