CVE-2014-6160 — IBM Websphere Service Registry AND Repository vulnerability

CWE-2643 documents3 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 64.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Service Registry AND Repository

Timeline

PublishedDec 29

Latest updateMay 17

Description

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_service_registry_and_repository8.5

🔴Vulnerability Details

GHSA

GHSA-w5cv-2gw6-jxhf: IBM WebSphere Service Registry and Repository (WSRR) 8↗2022-05-17

▶

CVEList

CVE-2014-6160: IBM WebSphere Service Registry and Repository (WSRR) 8↗2014-12-29

▶