CVE-2011-1307 — IBM Websphere Application Server vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 85.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMar 8

Latest updateMay 17

Description

The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server7.0.0.13+138

🔴Vulnerability Details

GHSA

GHSA-vj5c-g6v8-g74w: The installer in IBM WebSphere Application Server (WAS) before 7↗2022-05-17

▶

CVEList

CVE-2011-1307: The installer in IBM WebSphere Application Server (WAS) before 7↗2011-03-08

▶