A new security vulnerability affecting IBM WebSphere Application Server for z/OS has been fixed. The product is a secure, scalable, and reliable environment for running applications and services. The vulnerability is caused by incorrect assignment of security permissions to users and occurs in certain system configurations. Malicious users can thereby bypass existing security restrictions and access sensitive data. An update that fixes the described vulnerability has been released, and all users are advised to apply it.
IBM WebSphere Application Server for z/OS Access Permissions Security Issue
Secunia Advisory SA43965
Release Date 2011-04-01
Criticality level Less critical
Impact Security Bypass
Where From remote
Solution Status Vendor Patch
Software:
IBM WebSphere Application Server 6.0.x
IBM WebSphere Application Server 6.1.x
IBM WebSphere Application Server 7.0.x
CVE Reference(s) No CVE references.
Description
A security issue has been reported in IBM WebSphere Application Server for z/OS, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused by unintended access permissions being assigned to users for WebSphere applications when WebSphere is configured with a Local OS user registry or a Federated Repository configured with the RACF (Resource Access Control Facility) adapter.
The security issue is reported in the following versions:
* WebSphere Application Server for z/OS versions 6.0 through 6.0.2.43, 6.1 through 6.1.0.35, and 7.0 through 7.0.0.15.
* WebSphere Application Server OEM for z/OS (FMID HBBN610) versions 6.1.0.25 through 6.1.0.32 and 7.0.0.7 through 7.0.0.13.
Solution
Apply patches. Please see the vendor's advisory for more information.
Provided and/or discovered by
Reported by the vendor.
Original Advisory
IBM (PM35480, PM35478, PM35545, PM35611, PM35609):
http://www.ibm.com/support/docview.wss?uid=swg21473989