CVE-2011-1312

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.
Severity
UNKNOWN
AV:N/AC:L/Au:S/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
ibmwebsphere_application_server
6.1.0
ibmwebsphere_application_server
6.1.0.0
ibmwebsphere_application_server
6.1.0.1
ibmwebsphere_application_server
6.1.0.2
ibmwebsphere_application_server
6.1.0.3
ibmwebsphere_application_server
6.1.0.5
ibmwebsphere_application_server
6.1.0.7
ibmwebsphere_application_server
6.1.0.9
ibmwebsphere_application_server
6.1.0.11
ibmwebsphere_application_server
6.1.0.12
ibmwebsphere_application_server
6.1.0.15
ibmwebsphere_application_server
6.1.0.17
ibmwebsphere_application_server
6.1.0.19
ibmwebsphere_application_server
6.1.0.21
ibmwebsphere_application_server
6.1.0.23
ibmwebsphere_application_server
6.1.0.25
ibmwebsphere_application_server
6.1.0.27
ibmwebsphere_application_server
6.1.0.29
ibmwebsphere_application_server
7.0
ibmwebsphere_application_server
7.0.0.1
ibmwebsphere_application_server
7.0.0.2
ibmwebsphere_application_server
7.0.0.3
ibmwebsphere_application_server
7.0.0.4
ibmwebsphere_application_server
7.0.0.5
ibmwebsphere_application_server
7.0.0.6
ibmwebsphere_application_server
7.0.0.7
ibmwebsphere_application_server
7.0.0.8
ibmwebsphere_application_server
7.0.0.9
ibmwebsphere_application_server
7.0.0.11
ibmwebsphere_application_server
7.0.0.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration