CVE-2013-5414 : The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 b

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.

Published 2013-11-18 05:23:58

Updated 2017-08-29 01:33:46

Source IBM Corporation

View at NVD, CVE.org

Threat overview for CVE-2013-5414

Top countries where our scanners detected CVE-2013-5414

Top open port discovered on systems with this issue 9080

IPs affected by CVE-2013-5414 555

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2013-5414!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2013-5414

Probability of exploitation activity in the next 30 days: 0.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-5414

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-5414

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-5414

http://www-01.ibm.com/support/docview.wss?&uid=swg21651880

IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.1
Vendor Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1PM92313

IBM notice: The page you requested cannot be displayed
https://exchange.xforce.ibmcloud.com/vulnerabilities/87476

IBM WebSphere Application Server post migration privilege escalation CVE-2013-5414 Vulnerability Report

Products affected by CVE-2013-5414

IBM » Websphere Application Server » Version: 7.0
cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.1
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.4
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.3
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.6
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.5
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.2
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.7
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.8
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.9
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.12
cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.11
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.10
cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.13
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.15
cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.17
cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.0
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.19
cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.1
cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.21
cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.2
cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.23
cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.3
cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.0.0
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.4
cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.16
cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.14
cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.18
cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.22
cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.25
cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.5
cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.0.1
cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.27
cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.24
cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.0.2
cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.6
cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.29
cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.5.0
cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.0.0.7
cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*
Matching versions

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!