Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM WebSphere Application Server Cluster Configuration File 信息泄露漏洞
Vulnerability Description
IBM WebSphere Application Server是一个完善的、开放的Web应用服务器,它是IBM电子商务应用架构的核心。 IBM WebSphere Process Server (WPS) 6.1.2.3版本之前的版本6.1.2以及6.2.0.1版本之前的版本6.2没有适当地在从管理计控台的cluster配置文件的输出中限制配置数据,远程验证用户可以借助包括对cluster成员访问的向量,获得(1)JMSAPI,(2)ESCALATION,和(3)MAILSESSION(又称邮件会话)c
CVSS Information
N/A
Vulnerability Type
N/A