CVE-2010-1651 — IBM Websphere Application Server vulnerability

CWE-3103 documents3 sources

Severity

1.9LOWNVD

EPSS

0.0%

top 85.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMay 3

Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server44 versions+43

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-q6v4-3rm3-h7fp: IBM WebSphere Application Server (WAS) 6↗2022-05-17

▶

CVEList

CVE-2010-1651: IBM WebSphere Application Server (WAS) 6↗2010-04-30

▶