ByteOS Network

Vulnerability Details :

CVE-2012-3311

Assigner-ibm

Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522

Published At-25 Sep, 2012 | 20:00

Updated At-06 Aug, 2024 | 19:57

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:ibm

Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522

Published At:25 Sep, 2012 | 20:00

Updated At:06 Aug, 2024 | 19:57

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.ibm.com/support/docview.wss?uid=swg21611313	x_refsource_CONFIRM
http://www.securityfocus.com/bid/55671	vdb-entry x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/77697	vdb-entry x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388	vendor-advisory x_refsource_AIXAPAR

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21611313

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/55671

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77697

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388

Resource:

vendor-advisory

x_refsource_AIXAPAR

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.ibm.com/support/docview.wss?uid=swg21611313	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/55671	vdb-entry x_refsource_BID x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/77697	vdb-entry x_refsource_XF x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388	vendor-advisory x_refsource_AIXAPAR x_transferred

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21611313

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/55671

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77697

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388

Resource:

vendor-advisory

x_refsource_AIXAPAR

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@us.ibm.com

Published At:25 Sep, 2012 | 20:55

Updated At:11 Apr, 2025 | 00:51

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	3.3	LOW	AV:L/AC:M/Au:N/C:P/I:P/A:N

Type: Primary

Version: 2.0

Base score: 3.3

Base severity: LOW

Vector:

AV:L/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

IBM Corporation

>>z\/os>>-

cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0

cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.0

cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.1

cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.2

cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.3

cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.4

cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.5

cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.7

cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.9

cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.11

cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.12

cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.15

cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.17

cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.19

cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.21

cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.23

cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.25

cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.27

cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.29

cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.31

cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.33

cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.35

cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.37

cpe:2.3:a:ibm:websphere_application_server:6.1.0.37:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.39

cpe:2.3:a:ibm:websphere_application_server:6.1.0.39:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.41

cpe:2.3:a:ibm:websphere_application_server:6.1.0.41:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.1.0.43

cpe:2.3:a:ibm:websphere_application_server:6.1.0.43:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.1

cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.2

cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.3

cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.4

cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.5

cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.6

cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.7

cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.8

cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.9

cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.10

cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.11

cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.13

cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.14

cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.15

cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.16

cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.17

cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.19

cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.21

cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>7.0.0.23

cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.0.0.0

cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.0.0.1

cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.0.0.2

cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.0.0.3

cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388	psirt@us.ibm.com	N/A
http://www.ibm.com/support/docview.wss?uid=swg21611313	psirt@us.ibm.com	Vendor Advisory
http://www.securityfocus.com/bid/55671	psirt@us.ibm.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/77697	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ibm.com/support/docview.wss?uid=swg21611313	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.securityfocus.com/bid/55671	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/77697	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388

Source: psirt@us.ibm.com

Resource: N/A

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21611313

Source: psirt@us.ibm.com

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/55671

Source: psirt@us.ibm.com

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77697

Source: psirt@us.ibm.com

Resource: N/A

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21611313

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/55671

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77697

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

3Records found

CVE-2019-4536

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.04% / 11.03%

7 Day CHG~0.00%

Published-29 Aug, 2019 | 15:00

Updated-16 Sep, 2024 | 16:33

IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles with elevated privileges caused by incorrect processing during a restore of multiple user profiles. A user with restore privileges could exploit this vulnerability to obtain elevated privileges on the restored system. IBM X-Force ID: 165592.

Vendor-IBM Corporation

Product-i i

CWE ID-CWE-269

Improper Privilege Management

CVE-2018-1842

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-3.6||LOW

EPSS-0.08% / 25.31%

7 Day CHG~0.00%

Published-09 Nov, 2018 | 00:00

Updated-16 Sep, 2024 | 17:48

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902.

Vendor-IBM Corporation NetApp, Inc.

Product-cognos_analytics oncommand_insight Cognos Analytics

CWE ID-CWE-347

Improper Verification of Cryptographic Signature

CVE-2013-6335

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-3.3||LOW

EPSS-0.03% / 8.12%

7 Day CHG~0.00%

Published-26 Aug, 2014 | 10:00

Updated-12 Apr, 2025 | 10:46

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

Vendor-n/a Linux Kernel Organization, Inc IBM Corporation Oracle Corporation HP Inc.

Product-solaris linux_kernel tivoli_storage_manager hp-ux aix n/a

CWE ID-CWE-281

Improper Preservation of Permissions

CVE-2012-3311

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs