The host is running IBM WebSphere Application Server and is prone to a security bypass vulnerability.
Successful exploitation will let remote authenticated administrators bypass intended access restrictions. Impact Level: Application
Upgrade to IBM WebSphere Application Server version 18.104.22.168 or later, http://www-01.ibm.com/support/docview.wss?uid=swg24028875
The flaw is due to an error in the Administrative Console component, which does not prevent modifications of the primary admin id. This allows remote authenticated administrators to bypass intended access restrictions by mapping a 'user' or 'group' to an administrator role.
IBM WebSphere Application Server versions 6.1.0.x before 22.214.171.124 and 7.x before 126.96.36.199
Updated on 2015-03-25