CVE-2011-1311

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions prior to 7.0.0.15

Description The issue arises when a J2EE 1.4 application is used in the Security component of IBM WebSphere Application Server. It incorrectly determines security role mapping based on the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file. This might allow remote authenticated users to gain privileges under certain circumstances by requesting a service.

Recommendations For versions prior to 7.0.0.15, update to version 7.0.0.15 or later to resolve the issue.