CVE-2010-3186Improper Input Validation in IBM Websphere Application Server

CWE-20Improper Input Validation3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
1.4%
top 19.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedAug 30
Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vfpf-55wm-vcv7: IBM WebSphere Application Server (WAS) 72022-05-17
CVEList
CVE-2010-3186: IBM WebSphere Application Server (WAS) 72010-08-30
CVE-2010-3186 — Improper Input Validation in IBM | cvebase