User Enumeration Vulnerability in IBM WebSphere Application Server
CVE-2021-29842

3.7LOW

Key Information:

Vendor: IBM
Status: Websphere Application Server; Websphere Application Server Liberty
Vendor: CVE Published:; 16 September 2021

Summary

IBM WebSphere Application Server versions 7.0, 8.0, 8.5, 9.0, and Liberty versions 17.0.0.3 through 21.0.0.9 are susceptible to a user enumeration issue. This vulnerability allows a remote attacker to determine valid usernames by exploiting differences in server responses during login attempts. If an attacker can discern between valid and invalid credentials based on response behavior, they may gain insights that could lead to further attacks. Organizations using affected versions should assess their security measures and consider applying the latest patches to mitigate this risk.

Affected Version(s)

WebSphere Application Server 7.0

WebSphere Application Server 8.0

WebSphere Application Server 8.5

References

https://www.ibm.com/support/pages/node/6489485

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/205202

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2021
Vulnerability Reserved
Mar 31, 2021