CVE-2010-0786 — Improper Input Validation in IBM Websphere Application Server

CWE-20 — Improper Input Validation6 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 30.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedNov 9
Latest updateMay 2

Description

The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDibm/websphere_application_server13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-vhwp-mggx-mfqp: The Web Services Security component in IBM WebSphere Application Server (WAS) 7↗2022-05-02
â–¶
CVEList
CVE-2010-0786: The Web Services Security component in IBM WebSphere Application Server (WAS) 7↗2010-11-09
â–¶

💬Community

3
Bugzilla
CVE-2010-3572 JDK unspecified vulnerability in Sound component↗2010-10-13
â–¶
Bugzilla
CVE-2010-3556 JDK unspecified vulnerability in 2D component↗2010-10-13
â–¶
Bugzilla
CVE-2010-3571 JDK unspecified vulnerability in 2D component↗2010-10-13
â–¶
CVE-2010-0786 — Improper Input Validation in IBM | cvebase