Vulnerability Description
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 6.1.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK88606
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK88606
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463
FAQ
What is CVE-2011-1312?
CVE-2011-1312 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remo...
How severe is CVE-2011-1312?
CVE-2011-1312 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1312?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.