CVE-2011-1312
08.03.2011, 21:59
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | websphere_application_server | 6.1.0 |
| ibm | websphere_application_server | 6.1.0.0 |
| ibm | websphere_application_server | 6.1.0.1 |
| ibm | websphere_application_server | 6.1.0.2 |
| ibm | websphere_application_server | 6.1.0.3 |
| ibm | websphere_application_server | 6.1.0.5 |
| ibm | websphere_application_server | 6.1.0.7 |
| ibm | websphere_application_server | 6.1.0.9 |
| ibm | websphere_application_server | 6.1.0.11 |
| ibm | websphere_application_server | 6.1.0.12 |
| ibm | websphere_application_server | 6.1.0.15 |
| ibm | websphere_application_server | 6.1.0.17 |
| ibm | websphere_application_server | 6.1.0.19 |
| ibm | websphere_application_server | 6.1.0.21 |
| ibm | websphere_application_server | 6.1.0.23 |
| ibm | websphere_application_server | 6.1.0.25 |
| ibm | websphere_application_server | 6.1.0.27 |
| ibm | websphere_application_server | 6.1.0.29 |
| ibm | websphere_application_server | 7.0 |
| ibm | websphere_application_server | 7.0.0.1 |
| ibm | websphere_application_server | 7.0.0.2 |
| ibm | websphere_application_server | 7.0.0.3 |
| ibm | websphere_application_server | 7.0.0.4 |
| ibm | websphere_application_server | 7.0.0.5 |
| ibm | websphere_application_server | 7.0.0.6 |
| ibm | websphere_application_server | 7.0.0.7 |
| ibm | websphere_application_server | 7.0.0.8 |
| ibm | websphere_application_server | 7.0.0.9 |
| ibm | websphere_application_server | 7.0.0.11 |
| ibm | websphere_application_server | 7.0.0.13 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration