CVE-2012-0717

IBM WebSphere App Server <7.0.0.23 - Auth Bypass

Title source: llm

Description

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

References (2)

[Various Sources] http://www.ibm.com/support/docview.wss?uid=swg1PM52351

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21595172

Scores

EPSS 0.0007

EPSS Percentile 20.2%

Classification

CWE

CWE-287

Status draft

Affected Products (16)

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

ibm/websphere_application_server

... and 1 more

Timeline

Published Jun 20, 2012

Tracked Since Feb 18, 2026