The host is running IBM WebSphere Application Server and is prone to a security bypass vulnerability.
Successful exploitation allows remote authenticated administrators to bypass intended access restrictions. Impact Level: Application
Upgrade to IBM WebSphere Application Server version 18.104.22.168 or later: http://www-01.ibm.com/support/docview.wss?uid=swg24028875
The flaw is due to an error in the Administrative Console component, which does not prevent modification of the primary admin id. This allows remote authenticated administrators to bypass intended access restrictions by mapping a 'user' or 'group' to an administrator role.
IBM WebSphere Application Server versions 6.1.0.x before 22.214.171.124 and 7.x before 126.96.36.199
Updated on 2015-03-25