CVE-2014-6177CVE-2014-6177

Affected configuration(s):

cpe:/a:ibm:websphere_service_registry_and_repository:7.0.0
cpe:/a:ibm:websphere_service_registry_and_repository:7.0.0.1
cpe:/a:ibm:websphere_service_registry_and_repository:7.0.0.2
cpe:/a:ibm:websphere_service_registry_and_repository:7.0.0.3
cpe:/a:ibm:websphere_service_registry_and_repository:7.0.0.4
cpe:/a:ibm:websphere_service_registry_and_repository:7.5.0.0
cpe:/a:ibm:websphere_service_registry_and_repository:7.5.0.1
cpe:/a:ibm:websphere_service_registry_and_repository:7.5.0.2

Date published: 2014-12-24T06:59:04.370-05:00

Date last modified: 2017-09-07T21:29:11.527-04:00

CVSS Score: 4.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www-01.ibm.com/support/docview.wss?uid=swg1IV24386

Summary: IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.