IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote malicious users to bypass intended access restrictions via unknown vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere application server 7.0.0.1 |
||
ibm websphere application server 7.0 |
||
ibm websphere application server 7.0.0.4 |
||
ibm websphere application server 7.0.0.3 |