CVE-2012-3306 — IBM Websphere Application Server vulnerability

CWE-2553 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 43.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedSep 25

Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, when multi-domain support is configured, does not purge password data from the authentication cache, which has unspecified impact and remote attack vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/websphere_application_server51 versions+50

🔴Vulnerability Details

GHSA

GHSA-vjjr-whj3-xg6q: IBM WebSphere Application Server (WAS) 6↗2022-05-17

▶

CVEList

CVE-2012-3306: IBM WebSphere Application Server (WAS) 6↗2012-09-25

▶