vulnerability

IBM WebSphere Application Server: CVE-2011-4889: WebSphere Application Server Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Feb 8, 2018	May 3, 2018	Jan 17, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Feb 8, 2018

Added

May 3, 2018

Modified

Jan 17, 2025

Description

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

Solutions

ibm-was-upgrade-6-1-0-0-6-1-0-43ibm-was-upgrade-7-0-0-0-7-0-0-21ibm-was-upgrade-8-0-0-0-8-0-0-2

References

CVE-2011-4889
https://attackerkb.com/topics/CVE-2011-4889
URL-https://exchange.xforce.ibmcloud.com/vulnerabilities/72581
URL-https://www-304.ibm.com/support/docview.wss?uid=swg21587015

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today