IBM Websphere Application Server 3.5.3 and previous versions stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere application server 3.0.2.2 |
||
ibm websphere application server 3.0.2.3 |
||
ibm websphere application server 3.0.2.4 |
||
ibm websphere application server 3.5 |
||
ibm websphere application server 3.5.1 |
||
ibm websphere application server 3.0 |
||
ibm websphere application server 3.0.2.1 |
||
ibm websphere application server 3.5.3 |
||
ibm websphere application server 3.0.2 |
||
ibm websphere application server 3.5.2 |