Vigil@nce: WebSphere AS 8.0, four vulnerabilities
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in WebSphere Application Server.
Severity: 2/4
Creation date: 17/01/2012
IMPACTED PRODUCTS
IBM WebSphere Application Server
DESCRIPTION OF THE VULNERABILITY
Four vulnerabilities were announced in WebSphere Application Server.
VMM (Virtual Member Manager) does not correctly process password updates. [severity:2/4; PM52049]
An attacker can trigger a Cross-Site Scripting in Web Messaging. [severity:2/4; BID-51414, BID-51559, CVE-2011-5065, PM37840]
When WebSphere Application Server is installed on IBM i, the iscdeploy script applies invalid permissions on some files, so a local attacker can read or write their content (VIGILANCE-VUL-11285 (https://vigilance.fr/tree/1/11285)). [severity:2/4; BID-51420, CVE-2011-1376, PM49712]
A vulnerability in WebSphere Application Server affects JAX-WS applications with WS-Security enabled (VIGILANCE-VUL-11089 (https://vigilance.fr/tree/1/11089)). [severity:2/4; BID-50310, PM43585]