CVE-2012-0717

IBM WebSphere App Server <7.0.0.23 - Auth Bypass

Title source: llm
STIX 2.1

Description

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21595172
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1PM52351

Scores

EPSS 0.0111
EPSS Percentile 61.8%

Details

CWE
CWE-287
Status published
Products (16)
ibm/websphere_application_server 7.0
ibm/websphere_application_server 7.0.0.1
ibm/websphere_application_server 7.0.0.2
ibm/websphere_application_server 7.0.0.3
ibm/websphere_application_server 7.0.0.4
ibm/websphere_application_server 7.0.0.5
ibm/websphere_application_server 7.0.0.6
ibm/websphere_application_server 7.0.0.7
ibm/websphere_application_server 7.0.0.8
ibm/websphere_application_server 7.0.0.9
... and 6 more
Published Jun 20, 2012
Tracked Since Feb 18, 2026