User Enumeration Vulnerability in IBM WebSphere Application Server
CVE-2021-29842

3.7 LOW

Key Information:

Vendor: IBM
CVE Published: 16 September 2021

Summary

IBM WebSphere Application Server versions 7.0, 8.0, 8.5, 9.0, and Liberty versions 17.0.0.3 through 21.0.0.9 are susceptible to a user enumeration issue. This vulnerability allows a remote attacker to determine valid usernames by exploiting differences in server responses during login attempts. If an attacker can discern between valid and invalid credentials based on response behavior, they may gain insights that could lead to further attacks. Organizations using affected versions should assess their security measures and consider applying the latest patches to mitigate this risk.

Affected Version(s)

WebSphere Application Server 7.0

WebSphere Application Server 8.0

WebSphere Application Server 8.5

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
