User Enumeration Vulnerability in IBM WebSphere Application Server
CVE-2021-29842
3.7 LOW
Key Information:
- Vendor: IBM
- CVE Published: 16 September 2021
Summary
IBM WebSphere Application Server versions 7.0, 8.0, 8.5, 9.0, and Liberty versions 17.0.0.3 through 21.0.0.9 are susceptible to a user enumeration issue. This vulnerability allows a remote attacker to determine valid usernames by exploiting differences in server responses during login attempts. If an attacker can discern between valid and invalid credentials based on response behavior, they may gain insights that could lead to further attacks. Organizations using affected versions should assess their security measures and consider applying the latest patches to mitigate this risk.
Affected Version(s)
WebSphere Application Server 7.0
WebSphere Application Server 8.0
WebSphere Application Server 8.5
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved