Vulnerability Information
IBM WebSphere Service Registry and Repository (WSRR) is a lifecycle management application used to track the lifecycle, versions and availability of services. Multiple security issues have been found in WSRR that allow attackers to retrieve sensitive information:
CVE-2014-6177: IBM WebSphere Service Registry and Repository (WSRR) fails to perform access-control checks for depth-0 retrieve operations, allowing remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-6181: IBM WebSphere Service Registry and Repository (WSRR) fails to perform access-control checks for contained objects, allowing remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-6186: IBM WebSphere Service Registry and Repository (WSRR) allows remote authenticated users to bypass intended object-access restrictions via the datagraph.
Affected Versions:
IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5
IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.3
IBM WebSphere Service Registry and Repository (WSRR) 8.0.x before 8.0.0.1
Impact
An authenticated remote attacker may exploit these vulnerabilities to bypass access restrictions and obtain sensitive information.
Solution
Customers are advised to install the patch provided by IBM. Further information can be obtained from IBM.
Patch:
Following are links for downloading patches to fix the vulnerabilities: