CVE-2016-2960Improper Access Control in IBM Websphere Application Server

CWE-284Improper Access Control3 documents3 sources
Severity
3.7LOWNVD
EPSS
0.7%
top 28.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedAug 8
Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-x8r3-pr2v-2qxg: IBM WebSphere Application Server (WAS) 72022-05-17
CVEList
CVE-2016-2960: IBM WebSphere Application Server (WAS) 72016-08-08
CVE-2016-2960 — Improper Access Control in IBM | cvebase