Vigil@nce - WebSphere AS: access via LocalOS/RACF
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When WebSphere Application Server is installed on z/OS, an
attacker can use a vulnerability of System Authorization Facility,
in order to access to applications.
Severity: 2/4
Creation date: 15/04/2011
IMPACTED PRODUCTS
– IBM WebSphere Application Server
DESCRIPTION OF THE VULNERABILITY
On z/OS, WebSphere Application Server can be configured:
– with a Local OS User Registry
– with a Federated Repository
using RACF (Resource Access Control Facility), based on SAF
(System Authorization Facility).
However, an attacker can use a vulnerability of System
Authorization Facility, in order to access to applications.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-access-via-LocalOS-RACF-10567