Описание
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.6.0.4 (включая)
Одно из
cpe:2.3:a:ibm:websphere_extreme_scale_client:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:7.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_extreme_scale_client:8.6.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
3.5 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
EPSS
Процентиль: 38%
0.00165
Низкий
3.5 Low
CVSS2
Дефекты
CWE-264