VIR Vulnerability Intelligence Relay

CVE-2013-5414

low
Published 2013-11-18 · Modified 2026-04-29
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?&uid=swg21651880

Application impact
VendorProductVersionsFixed
ibmwebsphere_application_server7.0
ibmwebsphere_application_server7.0.0.1
ibmwebsphere_application_server7.0.0.2
ibmwebsphere_application_server7.0.0.3
ibmwebsphere_application_server7.0.0.4
ibmwebsphere_application_server7.0.0.5
ibmwebsphere_application_server7.0.0.6
ibmwebsphere_application_server7.0.0.7
ibmwebsphere_application_server7.0.0.8
ibmwebsphere_application_server7.0.0.9
ibmwebsphere_application_server7.0.0.10
ibmwebsphere_application_server7.0.0.11
ibmwebsphere_application_server7.0.0.12
ibmwebsphere_application_server7.0.0.13
ibmwebsphere_application_server7.0.0.14
ibmwebsphere_application_server7.0.0.15
ibmwebsphere_application_server7.0.0.16
ibmwebsphere_application_server7.0.0.17
ibmwebsphere_application_server7.0.0.18
ibmwebsphere_application_server7.0.0.19
ibmwebsphere_application_server7.0.0.21
ibmwebsphere_application_server7.0.0.22
ibmwebsphere_application_server7.0.0.23
ibmwebsphere_application_server7.0.0.24
ibmwebsphere_application_server7.0.0.25
ibmwebsphere_application_server7.0.0.27
ibmwebsphere_application_server7.0.0.29
ibmwebsphere_application_server8.0.0.0
ibmwebsphere_application_server8.0.0.1
ibmwebsphere_application_server8.0.0.2
ibmwebsphere_application_server8.0.0.3
ibmwebsphere_application_server8.0.0.4
ibmwebsphere_application_server8.0.0.5
ibmwebsphere_application_server8.0.0.6
ibmwebsphere_application_server8.0.0.7
ibmwebsphere_application_server8.5.0.0
ibmwebsphere_application_server8.5.0.1
ibmwebsphere_application_server8.5.0.2
ibmwebsphere_application_server8.5.5.0

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.