CVE-2013-5414
First published: Sat Nov 16 2013(Updated: )
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in opportunistic circumstances by accessing resources in between a migration and a role evaluation.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.1 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.2 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.3 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.4 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.5 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.6 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.7 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.8 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.9 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.10 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.11 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.12 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.13 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.14 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.15 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.16 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.17 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.18 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.19 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.21 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.22 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.23 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.24 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.25 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.27 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.29 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.0 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.1 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.2 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.3 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.4 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.5 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.6 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.7 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.5.0.0 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.5.0.1 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.5.0.2 | |
| IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-5414?
The severity of CVE-2013-5414 is classified as moderate.
How do I fix CVE-2013-5414?
To fix CVE-2013-5414, upgrade IBM WebSphere Application Server to version 7.0.0.31, 8.0.0.8, or 8.5.5.1 or later.
What type of vulnerability is CVE-2013-5414?
CVE-2013-5414 is a privilege escalation vulnerability.
What products are affected by CVE-2013-5414?
CVE-2013-5414 affects IBM WebSphere Application Server versions 7.0, 8.0, and 8.5 prior to the specified patches.
Who is impacted by CVE-2013-5414?
Remote authenticated users could exploit CVE-2013-5414 to gain elevated privileges.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/ibm
- canonical/ibm websphere application server with web server plug-ins
- version/ibm websphere application server with web server plug-ins/7.0
- version/ibm websphere application server with web server plug-ins/7.0.0.1
- version/ibm websphere application server with web server plug-ins/7.0.0.2
- version/ibm websphere application server with web server plug-ins/7.0.0.3
- version/ibm websphere application server with web server plug-ins/7.0.0.4
- version/ibm websphere application server with web server plug-ins/7.0.0.5
- version/ibm websphere application server with web server plug-ins/7.0.0.6
- version/ibm websphere application server with web server plug-ins/7.0.0.7
- version/ibm websphere application server with web server plug-ins/7.0.0.8
- version/ibm websphere application server with web server plug-ins/7.0.0.9
- version/ibm websphere application server with web server plug-ins/7.0.0.10
- version/ibm websphere application server with web server plug-ins/7.0.0.11
- version/ibm websphere application server with web server plug-ins/7.0.0.12
- version/ibm websphere application server with web server plug-ins/7.0.0.13
- version/ibm websphere application server with web server plug-ins/7.0.0.14
- version/ibm websphere application server with web server plug-ins/7.0.0.15
- version/ibm websphere application server with web server plug-ins/7.0.0.16
- version/ibm websphere application server with web server plug-ins/7.0.0.17
- version/ibm websphere application server with web server plug-ins/7.0.0.18
- version/ibm websphere application server with web server plug-ins/7.0.0.19
- version/ibm websphere application server with web server plug-ins/7.0.0.21
- version/ibm websphere application server with web server plug-ins/7.0.0.22
- version/ibm websphere application server with web server plug-ins/7.0.0.23
- version/ibm websphere application server with web server plug-ins/7.0.0.24
- version/ibm websphere application server with web server plug-ins/7.0.0.25
- version/ibm websphere application server with web server plug-ins/7.0.0.27
- version/ibm websphere application server with web server plug-ins/7.0.0.29
- version/ibm websphere application server with web server plug-ins/8.0.0.0
- version/ibm websphere application server with web server plug-ins/8.0.0.1
- version/ibm websphere application server with web server plug-ins/8.0.0.2
- version/ibm websphere application server with web server plug-ins/8.0.0.3
- version/ibm websphere application server with web server plug-ins/8.0.0.4
- version/ibm websphere application server with web server plug-ins/8.0.0.5
- version/ibm websphere application server with web server plug-ins/8.0.0.6
- version/ibm websphere application server with web server plug-ins/8.0.0.7
- version/ibm websphere application server with web server plug-ins/8.5.0.0
- version/ibm websphere application server with web server plug-ins/8.5.0.1
- version/ibm websphere application server with web server plug-ins/8.5.0.2
- version/ibm websphere application server with web server plug-ins/8.5.5.0