Session Management Flaw in IBM WebSphere Service Registry and Repository
CVE-2014-6160

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Service Registry And Repository
Vendor: CVE Published:; 29 December 2014

What is CVE-2014-6160?

IBM WebSphere Service Registry and Repository (WSRR) version 8.5 prior to 8.5.0.1 contains a session management flaw. When using Chrome and WebSEAL, the application does not correctly handle logout actions from the ServiceRegistryDashboard. This vulnerability can be exploited by remote attackers to bypass intended access restrictions by exploiting an unattended workstation, potentially granting unauthorized access to sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/97709

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21693389

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV63498

vendor-advisoryx_refsource_AIXAPAR

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2014
Vulnerability Reserved
Sep 2, 2014