CVE-2011-4889 Information

Description

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/72581

https://www-304.ibm.com/support/docview.wss?uid=swg21587015

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

HIGH
