NVD

Id
40712  
Name
CVE-2013-5414  
Description
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2013-11-18  
Modified Date
2013-11-19  
Seq
2013-5414  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
206052 40712 CVE-2013-5414 http://www-01.ibm.com/support/docview.wss?&uid=swg21651880  View
206053 40712 CVE-2013-5414 PM92313  View
206054 40712 CVE-2013-5414 was-cve20135414-role-migration(87476)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
23562 JVNDB-2013-005137 IBM WebSphere Application Server のマイグレーション機能における権限を取得される脆弱性 IBM WebSphere Application Server (WAS) のマイグレーション機能は、admin ロールと adminsecmanager ロールの違いを適切にサポートしないため、権限を取得される脆弱性が存在します。 CVE-2013-5414 65356 CVE-2013-5414 40712 3.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005137.html 2013-11-11 2013-11-19 View