Home

CVE-2021-29842

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.369

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.21Windows
Vulnerabilities CVE-2021-36090,CVE-2021-35517,CVE-2021-29842 are fixed in IBM WebSphere 21.0.0.10Windows
Vulnerabilities CVE-2021-29842 are fixed in IBM WebSphere 9.0.5.10Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9Windows
Multiple Vulnerabilities are affected in IBM MQ 9.1Windows
Multiple Vulnerabilities are affected in IBM MQ 9.2Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234