CVE-2014-6160

IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV63498
http://www-01.ibm.com/support/docview.wss?uid=swg21693389	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/97709

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*

OR	cpe:2.3:a:google:chrome:-:::::::*
	cpe:2.3:a:ibm:webseal:-:::::::*

History

No history.

Information

Published : 2014-12-29 02:59

Updated : 2024-02-04 18:35

NVD link : CVE-2014-6160

Mitre link : CVE-2014-6160

CVE.ORG link : CVE-2014-6160

JSON object : View

Products Affected

ibm

webseal
websphere_service_registry_and_repository

google

chrome

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-6160", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-29T02:59:01.363", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV63498", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693389", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97709", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation."}, {"lang": "es", "value": "IBM WebSphere Service Registry y Repository (WSRR) 8.5 anterior a 8.5.0.1, cuando se usan Chrome y WebSEAL, no procesa adecuadamente ServiceRegistryDashboard las acciones de logout, lo que permite a atacantes saltarse las restricciones de acceso aprovechando una estaci\u00f3n de trabajo desatendida."}], "lastModified": "2017-09-08T01:29:10.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_service_registry_and_repository:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CF066A0-BF24-44B6-83E1-0D45CDFBC31A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"}, {"criteria": "cpe:2.3:a:ibm:webseal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A5CF1B0B-BDD8-4518-BB8D-F3135E6D6851"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}