CVE-2011-1209 — IBM Websphere Application Server vulnerability

CWE-3105 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 68.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMay 4

Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server46 versions+45

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-c833-h92x-3p97: IBM WebSphere Application Server (WAS) 6↗2022-05-17

▶

CVEList

CVE-2011-1209: IBM WebSphere Application Server (WAS) 6↗2011-05-04

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SQL Server - Payload Execution (via SQL Injection) (Metasploit)↗2011-02-08

▶

💬Community

Bugzilla

CVE-2011-2916 freenx-client: qtnx stores configuration, including non-default authentication key, with insecure permissions↗2011-08-11

▶