IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Websphere_application_server | Ibm | 7.0 (including) | 7.0 (including) |
| Websphere_application_server | Ibm | 7.0.0.0 (including) | 7.0.0.0 (including) |
| Websphere_application_server | Ibm | 7.0.0.1 (including) | 7.0.0.1 (including) |
| Websphere_application_server | Ibm | 7.0.0.2 (including) | 7.0.0.2 (including) |
| Websphere_application_server | Ibm | 7.0.0.3 (including) | 7.0.0.3 (including) |
| Websphere_application_server | Ibm | 7.0.0.4 (including) | 7.0.0.4 (including) |
| Websphere_application_server | Ibm | 7.0.0.5 (including) | 7.0.0.5 (including) |
| Websphere_application_server | Ibm | 7.0.0.6 (including) | 7.0.0.6 (including) |
| Websphere_application_server | Ibm | 7.0.0.7 (including) | 7.0.0.7 (including) |
| Websphere_application_server | Ibm | 7.0.0.8 (including) | 7.0.0.8 (including) |
| Websphere_application_server | Ibm | 7.0.0.9 (including) | 7.0.0.9 (including) |
| Websphere_application_server | Ibm | 7.0.0.10 (including) | 7.0.0.10 (including) |
| Websphere_application_server | Ibm | 7.0.0.11 (including) | 7.0.0.11 (including) |
| Websphere_application_server | Ibm | 7.0.0.12 (including) | 7.0.0.12 (including) |
| Websphere_application_server | Ibm | 7.0.0.13 (including) | 7.0.0.13 (including) |
| Websphere_application_server | Ibm | 7.0.0.14 (including) | 7.0.0.14 (including) |
| Websphere_application_server | Ibm | 7.0.0.15 (including) | 7.0.0.15 (including) |
| Websphere_application_server | Ibm | 7.0.0.16 (including) | 7.0.0.16 (including) |
| Websphere_application_server | Ibm | 7.0.0.17 (including) | 7.0.0.17 (including) |
| Websphere_application_server | Ibm | 7.0.0.18 (including) | 7.0.0.18 (including) |
| Websphere_application_server | Ibm | 7.0.0.19 (including) | 7.0.0.19 (including) |
| Websphere_application_server | Ibm | 7.0.0.21 (including) | 7.0.0.21 (including) |
| Websphere_application_server | Ibm | 7.0.0.22 (including) | 7.0.0.22 (including) |
| Websphere_application_server | Ibm | 7.0.0.23 (including) | 7.0.0.23 (including) |
| Websphere_application_server | Ibm | 7.0.0.24 (including) | 7.0.0.24 (including) |
| Websphere_application_server | Ibm | 7.0.0.25 (including) | 7.0.0.25 (including) |
| Websphere_application_server | Ibm | 7.0.0.27 (including) | 7.0.0.27 (including) |
| Websphere_application_server | Ibm | 7.0.0.28 (including) | 7.0.0.28 (including) |
| Websphere_application_server | Ibm | 7.0.0.29 (including) | 7.0.0.29 (including) |
| Websphere_application_server | Ibm | 7.0.0.31 (including) | 7.0.0.31 (including) |
| Websphere_application_server | Ibm | 7.0.0.32 (including) | 7.0.0.32 (including) |
| Websphere_application_server | Ibm | 7.0.0.33 (including) | 7.0.0.33 (including) |
| Websphere_application_server | Ibm | 7.0.0.34 (including) | 7.0.0.34 (including) |
| Websphere_application_server | Ibm | 7.0.0.35 (including) | 7.0.0.35 (including) |
| Websphere_application_server | Ibm | 7.0.0.36 (including) | 7.0.0.36 (including) |
| Websphere_application_server | Ibm | 7.0.0.37 (including) | 7.0.0.37 (including) |
| Websphere_application_server | Ibm | 7.0.0.38 (including) | 7.0.0.38 (including) |
| Websphere_application_server | Ibm | 7.0.0.39 (including) | 7.0.0.39 (including) |
| Websphere_application_server | Ibm | 7.0.0.41 (including) | 7.0.0.41 (including) |
| Websphere_application_server | Ibm | 8.0 (including) | 8.0 (including) |
| Websphere_application_server | Ibm | 8.0.0.0 (including) | 8.0.0.0 (including) |
| Websphere_application_server | Ibm | 8.0.0.1 (including) | 8.0.0.1 (including) |
| Websphere_application_server | Ibm | 8.0.0.2 (including) | 8.0.0.2 (including) |
| Websphere_application_server | Ibm | 8.0.0.3 (including) | 8.0.0.3 (including) |
| Websphere_application_server | Ibm | 8.0.0.4 (including) | 8.0.0.4 (including) |
| Websphere_application_server | Ibm | 8.0.0.5 (including) | 8.0.0.5 (including) |
| Websphere_application_server | Ibm | 8.0.0.6 (including) | 8.0.0.6 (including) |
| Websphere_application_server | Ibm | 8.0.0.7 (including) | 8.0.0.7 (including) |
| Websphere_application_server | Ibm | 8.0.0.8 (including) | 8.0.0.8 (including) |
| Websphere_application_server | Ibm | 8.0.0.9 (including) | 8.0.0.9 (including) |
| Websphere_application_server | Ibm | 8.0.0.10 (including) | 8.0.0.10 (including) |
| Websphere_application_server | Ibm | 8.0.0.11 (including) | 8.0.0.11 (including) |
| Websphere_application_server | Ibm | 8.0.0.12 (including) | 8.0.0.12 (including) |
| Websphere_application_server | Ibm | 8.5.0.0 (including) | 8.5.0.0 (including) |
| Websphere_application_server | Ibm | 8.5.0.1 (including) | 8.5.0.1 (including) |
| Websphere_application_server | Ibm | 8.5.0.2 (including) | 8.5.0.2 (including) |
| Websphere_application_server | Ibm | 8.5.5.0 (including) | 8.5.5.0 (including) |
| Websphere_application_server | Ibm | 8.5.5.1 (including) | 8.5.5.1 (including) |
| Websphere_application_server | Ibm | 8.5.5.2 (including) | 8.5.5.2 (including) |
| Websphere_application_server | Ibm | 8.5.5.4 (including) | 8.5.5.4 (including) |
| Websphere_application_server | Ibm | 8.5.5.5 (including) | 8.5.5.5 (including) |
| Websphere_application_server | Ibm | 8.5.5.6 (including) | 8.5.5.6 (including) |
| Websphere_application_server | Ibm | 8.5.5.7 (including) | 8.5.5.7 (including) |
| Websphere_application_server | Ibm | 8.5.5.8 (including) | 8.5.5.8 (including) |
| Websphere_application_server | Ibm | 8.5.5.9 (including) | 8.5.5.9 (including) |
| Websphere_application_server | Ibm | 9.0.0.0 (including) | 9.0.0.0 (including) |
Access control involves the use of several protection mechanisms such as:
When any mechanism is not applied or otherwise fails, attackers can compromise the security of the product by gaining privileges, reading sensitive information, executing commands, evading detection, etc. There are two distinct behaviors that can introduce access control weaknesses: