IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Websphere_host_on-demand | Ibm | 6.0 (including) | 6.0 (including) |
| Websphere_host_on-demand | Ibm | 7.0 (including) | 7.0 (including) |
| Websphere_host_on-demand | Ibm | 8.0 (including) | 8.0 (including) |
| Websphere_host_on-demand | Ibm | 9.0 (including) | 9.0 (including) |
References
- http://secunia.com/advisories/22652
- http://securityreason.com/securityalert/2030
- http://www.securityfocus.com/archive/1/454050/100/0/threaded
- http://www.vupen.com/english/advisories/2006/4943
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30826
- http://secunia.com/advisories/22652
- http://securityreason.com/securityalert/2030
- http://www.securityfocus.com/archive/1/454050/100/0/threaded
- http://www.vupen.com/english/advisories/2006/4943
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30826