CVE-2013-5414

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 7.0.0.30 IBM WebSphere Application Server versions 8.0 through 8.0.0.7 IBM WebSphere Application Server versions 8.5 through 8.5.5.0

Description The migration functionality in IBM WebSphere Application Server does not properly support the distinction between the admin role and the adminsecmanager role. This allows remote authenticated users to gain privileges in certain circumstances by accessing resources during the time between a migration and a role evaluation.

Recommendations For IBM WebSphere Application Server versions 7.0 through 7.0.0.30, update to version 7.0.0.31 or later. For IBM WebSphere Application Server versions 8.0 through 8.0.0.7, update to version 8.0.0.8 or later. For IBM WebSphere Application Server versions 8.5 through 8.5.5.0, update to version 8.5.5.1 or later.