Vulnerability Description
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 7.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?&uid=swg21651880Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87476
- http://www-01.ibm.com/support/docview.wss?&uid=swg21651880Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87476
FAQ
What is CVE-2013-5414?
CVE-2013-5414 is a vulnerability with a CVSS score of 3.5 (LOW). The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role a...
How severe is CVE-2013-5414?
CVE-2013-5414 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5414?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.