NVD

Id
39736  
Name
CVE-2013-4053  
Description
The WS-Security implementation in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1, and WAS Feature Pack for Web Services 6.1 before 6.1.0.47, when a trust store is configured for XML Digital Signatures, does not properly verify X.509 certificates, which allows remote attackers to obtain privileged access via unspecified vectors.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-09-20  
Modified Date
2013-09-23  
Seq
2013-4053  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
202096 39736 CVE-2013-4053 PM90949  View
202097 39736 CVE-2013-4053 PM91521  View
202098 39736 CVE-2013-4053 http://www.ibm.com/support/docview.wss?uid=swg21647522  View
202099 39736 CVE-2013-4053 was-cve20134053-priv-escalation(86505)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
22679 JVNDB-2013-004254 IBM WebSphere Application Server および WAS Feature Pack for Web Services における特権的アクセス権を取得される IBM WebSphere Application Server (WAS) および WAS Feature Pack for Web Services の WS-Security の実装は、トラストストア (trust store) が XML デジタル署名用に設定されている場合、X.509 証明書を適切に検証しないため、特権的アクセス権を取得される脆弱性が存在します。 CVE-2013-4053 63995 CVE-2013-4053 39736 6.8 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004254.html 2013-09-09 2013-09-24 View