CVE-2014-3060
critical
CVSS v3: —
CVSS v2: 10.0
VIR risk: 10.0
Description
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21685705
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476
- http://www-01.ibm.com/support/docview.wss?uid=swg21685705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93534