CVE Vulnerabilities

CVE-2001-1189

Published: Dec 13, 2001 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

Affected Software

Name Vendor Start Version End Version
Websphere_application_server Ibm 3.0 3.0
Websphere_application_server Ibm 3.0.2 3.0.2
Websphere_application_server Ibm 3.0.2.1 3.0.2.1
Websphere_application_server Ibm 3.0.2.2 3.0.2.2
Websphere_application_server Ibm 3.0.2.3 3.0.2.3
Websphere_application_server Ibm 3.0.2.4 3.0.2.4
Websphere_application_server Ibm 3.5 3.5
Websphere_application_server Ibm 3.5.1 3.5.1
Websphere_application_server Ibm 3.5.2 3.5.2
Websphere_application_server Ibm 3.5.3 3.5.3

References