Authentication Cache Deletion Vulnerability in IBM WebSphere Application Server

Authentication Cache Deletion Vulnerability in IBM WebSphere Application Server

CVE-2011-1320 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.

Learn more about our Cis Benchmark Audit For Ibm I.