CVE-2011-1312

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.1.0.x through 6.1.0.30 IBM WebSphere Application Server versions 7.x through 7.0.0.14

Description The issue concerns the Administrative Console component in IBM WebSphere Application Server, where it fails to prevent modifications of the primary admin id. This allows remote authenticated administrators to bypass intended access restrictions. They can do this by mapping a user or group to an administrator role, thus exploiting the lack of proper access control.

Recommendations For IBM WebSphere Application Server versions 6.1.0.x through 6.1.0.30, update to version 6.1.0.31 or later. For IBM WebSphere Application Server versions 7.x through 7.0.0.14, update to version 7.0.0.15 or later.