CVE-2013-0540Improper Authentication in IBM Websphere Application Server

CWE-287Improper Authentication3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.1%
top 68.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedApr 24
Latest updateMay 5

Description

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_application_server8.5.0.0, 8.5.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-w6qr-m3xv-ffm8: IBM WebSphere Application Server (WAS) Liberty Profile 82022-05-05
CVEList
CVE-2013-0540: IBM WebSphere Application Server (WAS) Liberty Profile 82013-04-24
CVE-2013-0540 — Improper Authentication in IBM | cvebase