CVE-2008-7274Improper Input Validation in IBM Websphere Application Server

CWE-20Improper Input Validation3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 54.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedFeb 15
Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v39j-9cq4-4342: IBM WebSphere Application Server (WAS) 62022-05-17
CVEList
CVE-2008-7274: IBM WebSphere Application Server (WAS) 62011-02-14
CVE-2008-7274 — Improper Input Validation in IBM | cvebase