CVE-2014-3070

EUVD-2014-3091
The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task in IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
8.5.0.0
ibmwebsphere_application_server
8.5.0.1
ibmwebsphere_application_server
8.5.0.2
ibmwebsphere_application_server
8.5.5.0
ibmwebsphere_application_server
8.5.5.1
ibmwebsphere_application_server
8.5.5.2
ibmwebsphere_application_server
8.0.0.0
ibmwebsphere_application_server
8.0.0.1
ibmwebsphere_application_server
8.0.0.2
ibmwebsphere_application_server
8.0.0.3
ibmwebsphere_application_server
8.0.0.4
ibmwebsphere_application_server
8.0.0.5
ibmwebsphere_application_server
8.0.0.6
ibmwebsphere_application_server
8.0.0.7
ibmwebsphere_application_server
8.0.0.8
ibmwebsphere_application_server
8.0.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765
http://www-01.ibm.com/support/docview.wss?uid=swg21681249
http://www.securityfocus.com/bid/69296
https://exchange.xforce.ibmcloud.com/vulnerabilities/93777
http://www-01.ibm.com/support/docview.wss?uid=swg1PI16765
http://www-01.ibm.com/support/docview.wss?uid=swg21681249
http://www.securityfocus.com/bid/69296
https://exchange.xforce.ibmcloud.com/vulnerabilities/93777