PT-2017-1546 · IBM · IBM WebSphere Application Server

Published: 2017-03-20 · Updated: 2019-10-03 · CVE-2017-1151

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WebSphere Application Server versions 8.0 through 9.0

Description

The issue is related to insufficient access control in the OpenID Connect (OIDC) and Trust Association Interceptor (TAI) components of the WebSphere Application Server. This could allow a remote attacker to gain elevated privileges on the system.

Recommendations

For versions 8.0 through 9.0, update the configuration to properly restrict access control for OpenID Connect and Trust Association Interceptor components to prevent privilege escalation.

Fix


Weakness Enumeration

Related identifiers

BDU:2017-00691
CVE-2017-1151

Affected products

IBM WebSphere Application Server