CVE-2011-1377 — IBM Websphere Application Server vulnerability

6 documents3 sources

Severity

10.0CRITICALNVD

NVD4.3

EPSS

1.4%

top 19.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Message Broker

Timeline

PublishedJan 15

Latest updateMay 17

Description

The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/websphere_application_server65 versions+64

▶NVDibm/websphere_message_broker10 versions+9

🔴Vulnerability Details

GHSA

GHSA-hfwj-43j6-7v2f: The Web Services Security component in the Web Services Feature Pack before 6↗2022-05-17

▶

GHSA

GHSA-fm76-74p2-rjp6: IBM WebSphere Application Server (WAS) 7↗2022-05-05

▶

CVEList

CVE-2013-0482: IBM WebSphere Application Server (WAS) 7↗2013-05-29

▶

CVEList

CVE-2011-1377: The Web Services Security component in the Web Services Feature Pack before 6↗2012-01-15

▶