CVE-2013-0540

medium

Description

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/82695

http://www-01.ibm.com/support/docview.wss?uid=swg1PM81056

http://www-01.ibm.com/support/docview.wss?&uid=swg21632423

Details

Source: Mitre, NVD

Published: 2013-04-24

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: Medium