CVE-2011-4889 — IBM Websphere Application Server vulnerability

CWE-2543 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.8%
top 25.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedFeb 8
Latest updateMay 14

Description

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/websphere_application_server6.1 — 6.1.0.43+2

🔴Vulnerability Details

2
GHSA
GHSA-h743-xg85-x3jr: The javax↗2022-05-14
â–¶
CVEList
CVE-2011-4889: The javax↗2018-02-08
â–¶
CVE-2011-4889 — IBM vulnerability | cvebase