Access Control Flaw in IBM WebSphere Service Registry and Repository
CVE-2014-6177

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Service Registry And Repository
Vendor: CVE Published:; 24 December 2014

What is CVE-2014-6177?

The IBM WebSphere Service Registry and Repository has a flaw that fails to enforce access controls during depth-0 retrieve operations. Consequently, this oversight allows remote authenticated users to access sensitive information without proper authorization, potentially leading to data breaches or unauthorized disclosure of sensitive information. Users of affected versions should consider applying the latest security updates to mitigate the risk.

References

http://www.ibm.com/support/docview.wss?uid=swg21693384

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV24386

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=swg21693381

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2014
Vulnerability Reserved
Sep 2, 2014