CVE-2012-3306

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server (WAS) versions 6.1 before 6.1.0.45 IBM WebSphere Application Server (WAS) versions 7.0 before 7.0.0.25 IBM WebSphere Application Server (WAS) versions 8.0 before 8.0.0.5 IBM WebSphere Application Server (WAS) versions 8.5 before 8.5.0.1

Description The issue is related to the failure of IBM WebSphere Application Server to purge password data from the authentication cache when multi-domain support is configured. This has an unspecified impact and can be exploited remotely.

Recommendations For IBM WebSphere Application Server (WAS) version 6.1 before 6.1.0.45, update to version 6.1.0.45 or later. For IBM WebSphere Application Server (WAS) version 7.0 before 7.0.0.25, update to version 7.0.0.25 or later. For IBM WebSphere Application Server (WAS) version 8.0 before 8.0.0.5, update to version 8.0.0.5 or later. For IBM WebSphere Application Server (WAS) version 8.5 before 8.5.0.1, update to version 8.5.0.1 or later.