Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to ibm - websphere_application_server_feature_pack_for_web_services

Vulnerability from fkie_nvd

Published

2013-09-20 21:55

Modified

2024-11-21 01:54

Severity ?

Summary

The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21647522	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86505
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21647522	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86505

Impacted products

Vendor	Product	Version
ibm	websphere_application_server	8.5.0.0
ibm	websphere_application_server	8.5.0.1
ibm	websphere_application_server	8.5.0.2
ibm	websphere_application_server	8.5.5.0
ibm	websphere_application_server	7.0
ibm	websphere_application_server	7.0.0.1
ibm	websphere_application_server	7.0.0.2
ibm	websphere_application_server	7.0.0.3
ibm	websphere_application_server	7.0.0.4
ibm	websphere_application_server	7.0.0.5
ibm	websphere_application_server	7.0.0.6
ibm	websphere_application_server	7.0.0.7
ibm	websphere_application_server	7.0.0.8
ibm	websphere_application_server	7.0.0.9
ibm	websphere_application_server	7.0.0.10
ibm	websphere_application_server	7.0.0.11
ibm	websphere_application_server	7.0.0.12
ibm	websphere_application_server	7.0.0.13
ibm	websphere_application_server	7.0.0.14
ibm	websphere_application_server	7.0.0.15
ibm	websphere_application_server	7.0.0.16
ibm	websphere_application_server	7.0.0.17
ibm	websphere_application_server	7.0.0.18
ibm	websphere_application_server	7.0.0.19
ibm	websphere_application_server	7.0.0.21
ibm	websphere_application_server	7.0.0.22
ibm	websphere_application_server	7.0.0.23
ibm	websphere_application_server	7.0.0.24
ibm	websphere_application_server	7.0.0.25
ibm	websphere_application_server	7.0.0.27
ibm	websphere_application_server	7.0.0.29
ibm	websphere_application_server	8.0.0.0
ibm	websphere_application_server	8.0.0.1
ibm	websphere_application_server	8.0.0.2
ibm	websphere_application_server	8.0.0.3
ibm	websphere_application_server	8.0.0.4
ibm	websphere_application_server	8.0.0.5
ibm	websphere_application_server	8.0.0.6
ibm	websphere_application_server	8.0.0.7
ibm	websphere_application_server	6.1
ibm	websphere_application_server	6.1.0
ibm	websphere_application_server	6.1.0.0
ibm	websphere_application_server	6.1.0.1
ibm	websphere_application_server	6.1.0.2
ibm	websphere_application_server	6.1.0.3
ibm	websphere_application_server	6.1.0.5
ibm	websphere_application_server	6.1.0.7
ibm	websphere_application_server	6.1.0.9
ibm	websphere_application_server	6.1.0.11
ibm	websphere_application_server	6.1.0.12
ibm	websphere_application_server	6.1.0.13
ibm	websphere_application_server	6.1.0.14
ibm	websphere_application_server	6.1.0.15
ibm	websphere_application_server	6.1.0.17
ibm	websphere_application_server	6.1.0.19
ibm	websphere_application_server	6.1.0.21
ibm	websphere_application_server	6.1.0.23
ibm	websphere_application_server	6.1.0.25
ibm	websphere_application_server	6.1.0.27
ibm	websphere_application_server	6.1.0.29
ibm	websphere_application_server	6.1.0.31
ibm	websphere_application_server	6.1.0.33
ibm	websphere_application_server	6.1.0.35
ibm	websphere_application_server	6.1.0.37
ibm	websphere_application_server	6.1.0.39
ibm	websphere_application_server	6.1.0.41
ibm	websphere_application_server	6.1.0.43
ibm	websphere_application_server	6.1.0.45
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.11
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.13
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.15
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.17
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.19
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.21
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.23
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.25
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.27
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.29
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.31
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.33
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.35
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.37
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.39
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.41
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.43
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.45
ibm	websphere_application_server_feature_pack_for_web_services	6.1.0.47

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1D7570-4AB4-44B0-B5ED-D103F0946F63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E709E36-B5D0-42E5-A305-AF385FD7F347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49506702-1B31-4421-8DEE-5B789272EC6E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE94EFF2-CA86-4179-8250-350DF0D2BE83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "373412A5-2971-4C92-BAAE-A1B77D2DA723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "920F69CD-DEDB-4393-BE6E-B837BA6820B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B5FE844-7F1C-4326-94EF-2CC0B4196085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5662B903-5480-403D-BC3D-2222F88264A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F830D7B-17C2-40B5-B4A4-7A99980F63AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D82C3F2-9C50-4D1A-B939-77FC53E44EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E6BAB6-D0D8-4698-BCF9-05D5A256FD37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB7ACE7-6572-4D19-8E7A-BB9FC57AA343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF042A51-E34A-482C-8601-9FD09E6C866A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "075EC2D3-8A48-4103-910C-724A4CAF43DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BFE6260-F130-44E1-9A31-985153F51385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "489E4427-4059-4026-B952-72364AFFC135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "B95D1940-E5AD-4B59-80B4-C3370BB03169",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1667C5-D19B-469C-82D5-8406B6D75EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89551609-69B7-452A-9CB2-04C12D268B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF27B7D7-4442-47CA-880D-D3B5412AEF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B595B048-4204-49B4-9497-B8D119C8784D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC38B5D4-66A3-4671-9099-0F38D283BA94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B357DB53-061F-43D5-9E9F-5D5468A5805B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29ADADD2-EC21-4C45-A381-BC2091CD9F7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD901DE-9258-40DA-A09B-B0CA9DCCF843",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B9CDD56-921C-4FAF-87E2-14B91EC1A93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "95255265-6D69-46D3-9FFA-8EDB1734375C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E4191D3-64AB-482C-9DEF-DD04C4C942CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FC6EB31-9707-408B-8BF5-66BD23441A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B73E052-AF4F-4543-AA03-F5B1FA976EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "23171B81-C991-467A-95A4-EDDAC59C37BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2586C584-3258-414B-AB28-1EBA0DBD0B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA175EA-EDC6-4228-8E28-E9BBC981E60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6A4EC9D-98C2-40B0-BA40-4838FE8D1FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AF5BB33-4E78-4123-8093-EBEE2F2B5598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F4B8EA-9299-42C1-AAFB-831701ED2FA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45B6F32-5DFF-4833-9F0F-89576724CF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C8054A-8581-4936-AF94-291AE56EB4DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CA9A59-DFE4-4566-8719-E6FA4720F06A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A89DD1BF-4AB0-480D-9856-B1BEA73A4AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E119EF-B6A5-4B6C-B199-C64F62CA7CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C8FA3D-9162-4D9B-8250-FAC93ED77A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06DE5D4-D3A5-4783-ACE0-A80808DB09C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABBABA44-D18E-4329-9C2B-90828DAD468B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDBB08AC-52AD-4D5A-9E76-AFB283D5FE5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "335D5585-9587-4AD7-A18E-4A3706ABBAF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "A80D58C4-3DCA-4A37-9626-6DC957CEBE90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "38ABD537-EA96-4049-AF05-29C8A6C6D96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3B2A9B-C647-4C9E-9F1E-B7996C558EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "550773DB-D436-4AB3-834D-D8FAC7345A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F65FE5-113E-43A0-BA47-87D76E709CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EEE94F-7B2D-43E1-A410-F913D646B25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "E40505D7-F7FB-407D-88E6-8B0AFF5E3546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "7202F301-353F-49F0-867A-C824EA3C4AD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "350CC22B-518B-477D-ABFC-FCFDDE06365F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B5767F1-F1D7-4769-AFDF-5717A981B051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "840F3565-BE89-45A0-A6BB-9326F0C85E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E14E86-F146-41FA-9BD9-F7AF6F39423C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A9517BC-2D2D-42AB-8BC2-4179F0C53D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A704BD62-49AB-41EE-8CE2-77FA5672A67F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F110D5-87B2-4D9A-ABD8-6083E147F81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "261C7E70-DA64-4935-A6BE-7A860C762889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86660F8-CBAC-4864-91ED-66A8DC4DA936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFBE15C5-F7C6-4018-95EF-E321C9E4DC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "08918602-2C31-4BF8-8C6E-B2EBC4BAC251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2EDE39-F6D5-4327-8405-D4DEC7519545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01F3432-323F-4C9C-BDB1-2BCB5D22D0E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9B446C7-0F9E-42AE-828E-2D7D308DFE37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A5B82ED-E2DD-47A0-BAE8-7FC3DCFB2AE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "231A8E29-39B5-4AC0-B405-20EDDA5031D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "E17EAAEC-01D3-45A7-BA29-6365B3EACCB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "30FD7CFD-63D7-443C-A27C-FDB7D60BEAB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server_feature_pack_for_web_services:6.1.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "C74601A2-37A6-48F8-A2E9-5FC5F70761E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n WS-Security en IBM WebSphere Application (WAS) 6.1 (anteriores a 6.1.0.47), 7.0 (anteriores a 7.0.0.31), 8.0 (anteriores a 8.5.5.1) y WAS Feature Pack para Web Services 6.1 (anteriores a 6.1.0.47), cuando un almac\u00e9n de confianza es configurado para Firmas Digitales XML, no verifica certificados X.509 apropiadamente, lo que permite a atacantes remotos obtener acceso con privilegios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-4053",
  "lastModified": "2024-11-21T01:54:47.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-20T21:55:05.253",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21647522"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21647522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86505"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-4053

Vulnerability from cvelistv5

Published

2013-09-20 21:00

Modified

2024-08-06 16:30

Severity ?

Summary

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949	vendor-advisory, x_refsource_AIXAPAR
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86505	vdb-entry, x_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=swg21647522	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521	vendor-advisory, x_refsource_AIXAPAR

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:49.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "PM90949",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949"
          },
          {
            "name": "was-cve20134053-priv-escalation(86505)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86505"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21647522"
          },
          {
            "name": "PM91521",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "PM90949",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949"
        },
        {
          "name": "was-cve20134053-priv-escalation(86505)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86505"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21647522"
        },
        {
          "name": "PM91521",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-4053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "PM90949",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949"
            },
            {
              "name": "was-cve20134053-priv-escalation(86505)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86505"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21647522",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21647522"
            },
            {
              "name": "PM91521",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-4053",
    "datePublished": "2013-09-20T21:00:00",
    "dateReserved": "2013-06-07T00:00:00",
    "dateUpdated": "2024-08-06T16:30:49.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}