CVE-2010-2644

{"id": "CVE-2010-2644", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-12-22T21:00:01.333", "references": [{"url": "http://secunia.com/advisories/42742", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ72563", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24026132", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63640", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API requests to an EJB interface."}, {"lang": "es", "value": "IBM WebSphere Service Registry y Repository (WSRR) 7v.0.0 anterior FP1 no implementa el control de acceso adecuadamente, lo que permite a atacantes remotos realizar acciones de gobierno a trav\u00e9s de peticiones API no especificadas en una interfaz EJB. \r\n\r\n\r\n"}], "lastModified": "2017-08-17T01:32:46.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F0A1926-D9D5-45EF-AA33-185093A88074"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}