CVE-2012-2162 — IBM WebSphere Application Server vulnerability
Severity
6.8 MEDIUM (NVD)
EPSS
0.7%
top 27.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 1
Latest update: May 17
Description
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
CVSS vector
AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4