VIR Vulnerability Intelligence Relay

CVE-2012-2162

medium
Published 2012-05-01 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21591172

Application impact
VendorProductVersionsFixed
ibmwebsphere_application_server{"endIncluding":"8.0.0.0"}
ibmwebsphere_application_server5.0
ibmwebsphere_application_server5.0.0
ibmwebsphere_application_server5.0.1
ibmwebsphere_application_server5.0.2
ibmwebsphere_application_server5.0.2.1
ibmwebsphere_application_server5.0.2.2
ibmwebsphere_application_server5.0.2.3
ibmwebsphere_application_server5.0.2.4
ibmwebsphere_application_server5.0.2.5
ibmwebsphere_application_server5.0.2.6
ibmwebsphere_application_server5.0.2.7
ibmwebsphere_application_server5.0.2.8
ibmwebsphere_application_server5.0.2.9
ibmwebsphere_application_server5.0.2.10
ibmwebsphere_application_server5.0.2.11
ibmwebsphere_application_server5.0.2.12
ibmwebsphere_application_server5.0.2.13
ibmwebsphere_application_server5.0.2.14
ibmwebsphere_application_server5.0.2.15
ibmwebsphere_application_server5.0.2.16
ibmwebsphere_application_server5.1.0
ibmwebsphere_application_server5.1.0.2
ibmwebsphere_application_server5.1.0.3
ibmwebsphere_application_server5.1.0.4
ibmwebsphere_application_server5.1.0.5
ibmwebsphere_application_server5.1.1
ibmwebsphere_application_server5.1.1.1
ibmwebsphere_application_server5.1.1.2
ibmwebsphere_application_server5.1.1.3
ibmwebsphere_application_server5.1.1.4
ibmwebsphere_application_server5.1.1.5
ibmwebsphere_application_server5.1.1.6
ibmwebsphere_application_server5.1.1.7
ibmwebsphere_application_server5.1.1.8
ibmwebsphere_application_server5.1.1.9
ibmwebsphere_application_server5.1.1.10
ibmwebsphere_application_server5.1.1.11
ibmwebsphere_application_server5.1.1.12
ibmwebsphere_application_server5.1.1.13
ibmwebsphere_application_server5.1.1.14
ibmwebsphere_application_server5.1.1.15
ibmwebsphere_application_server5.1.1.16
ibmwebsphere_application_server5.1.1.17
ibmwebsphere_application_server6.0
ibmwebsphere_application_server6.0.0.1
ibmwebsphere_application_server6.0.0.2
ibmwebsphere_application_server6.0.0.3
ibmwebsphere_application_server6.0.1
ibmwebsphere_application_server6.0.1.1
ibmwebsphere_application_server6.0.1.2
ibmwebsphere_application_server6.0.1.3
ibmwebsphere_application_server6.0.1.5
ibmwebsphere_application_server6.0.1.7
ibmwebsphere_application_server6.0.1.9
ibmwebsphere_application_server6.0.1.11
ibmwebsphere_application_server6.0.1.13
ibmwebsphere_application_server6.0.1.15
ibmwebsphere_application_server6.0.1.17
ibmwebsphere_application_server6.0.2
ibmwebsphere_application_server6.0.2.1
ibmwebsphere_application_server6.0.2.2
ibmwebsphere_application_server6.0.2.3
ibmwebsphere_application_server6.0.2.4
ibmwebsphere_application_server6.0.2.5
ibmwebsphere_application_server6.0.2.6
ibmwebsphere_application_server6.0.2.7
ibmwebsphere_application_server6.0.2.9
ibmwebsphere_application_server6.0.2.11
ibmwebsphere_application_server6.0.2.13
ibmwebsphere_application_server6.0.2.15
ibmwebsphere_application_server6.0.2.17
ibmwebsphere_application_server6.0.2.19
ibmwebsphere_application_server6.0.2.22
ibmwebsphere_application_server6.0.2.23
ibmwebsphere_application_server6.0.2.24
ibmwebsphere_application_server6.0.2.25
ibmwebsphere_application_server6.0.2.27
ibmwebsphere_application_server6.0.2.28
ibmwebsphere_application_server6.0.2.29
ibmwebsphere_application_server6.0.2.30
ibmwebsphere_application_server6.0.2.31
ibmwebsphere_application_server6.0.2.32
ibmwebsphere_application_server6.0.2.33
ibmwebsphere_application_server6.0.2.35
ibmwebsphere_application_server6.0.2.37
ibmwebsphere_application_server6.1
ibmwebsphere_application_server6.1.0
ibmwebsphere_application_server6.1.0.0
ibmwebsphere_application_server6.1.0.1
ibmwebsphere_application_server6.1.0.2
ibmwebsphere_application_server6.1.0.3
ibmwebsphere_application_server6.1.0.5
ibmwebsphere_application_server6.1.0.7
ibmwebsphere_application_server6.1.0.9
ibmwebsphere_application_server6.1.0.11
ibmwebsphere_application_server6.1.0.12
ibmwebsphere_application_server6.1.0.15
ibmwebsphere_application_server6.1.0.17
ibmwebsphere_application_server6.1.0.19
ibmwebsphere_application_server6.1.0.21
ibmwebsphere_application_server6.1.0.23
ibmwebsphere_application_server6.1.0.25
ibmwebsphere_application_server6.1.0.27
ibmwebsphere_application_server6.1.0.29
ibmwebsphere_application_server6.1.0.31
ibmwebsphere_application_server6.1.0.33
ibmwebsphere_application_server6.1.0.35
ibmwebsphere_application_server6.1.0.37
ibmwebsphere_application_server6.1.0.39
ibmwebsphere_application_server6.1.0.41
ibmwebsphere_application_server6.1.0.43
ibmwebsphere_application_server6.1.1
ibmwebsphere_application_server6.1.3
ibmwebsphere_application_server6.1.5
ibmwebsphere_application_server6.1.6
ibmwebsphere_application_server6.1.7
ibmwebsphere_application_server6.1.13
ibmwebsphere_application_server6.1.14
ibmwebsphere_application_server7.0
ibmwebsphere_application_server7.0.0.1
ibmwebsphere_application_server7.0.0.2
ibmwebsphere_application_server7.0.0.3
ibmwebsphere_application_server7.0.0.4
ibmwebsphere_application_server7.0.0.5
ibmwebsphere_application_server7.0.0.6
ibmwebsphere_application_server7.0.0.7
ibmwebsphere_application_server7.0.0.8
ibmwebsphere_application_server7.0.0.9
ibmwebsphere_application_server7.0.0.11
ibmwebsphere_application_server7.0.0.13
ibmwebsphere_application_server7.0.0.15
ibmwebsphere_application_server7.0.0.17
ibmwebsphere_application_server7.0.0.19
ibmwebsphere_application_server7.0.0.21

References

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.