CVE-2011-4889

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
6.1 ≤
𝑥
< 6.1.0.43
ibmwebsphere_application_server
7.0 ≤
𝑥
< 7.0.0.21
ibmwebsphere_application_server
8.0 ≤
𝑥
< 8.0.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/72581
https://www-304.ibm.com/support/docview.wss?uid=swg21587015
https://exchange.xforce.ibmcloud.com/vulnerabilities/72581
https://www-304.ibm.com/support/docview.wss?uid=swg21587015