Vulnerability Description
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Z\/Os | - |
| Ibm | Websphere Application Server | 6.1.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388
- http://www.ibm.com/support/docview.wss?uid=swg21611313Vendor Advisory
- http://www.securityfocus.com/bid/55671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77697
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388
- http://www.ibm.com/support/docview.wss?uid=swg21611313Vendor Advisory
- http://www.securityfocus.com/bid/55671
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77697
FAQ
What is CVE-2012-3311?
CVE-2012-3311 is a vulnerability with a CVSS score of 3.3 (LOW). IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP...
How severe is CVE-2012-3311?
CVE-2012-3311 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3311?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Z\/Os, Ibm Websphere Application Server.