Insecure Security Role Mapping in IBM WebSphere Application Server

Insecure Security Role Mapping in IBM WebSphere Application Server

CVE-2011-1311 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.

Learn more about our Cis Benchmark Audit For Ibm I.