For selected versions of IBM WebSphere Application Server, there is a potential security exposure after installing an Interim Fix for PM44303 or a Fix Pack containing PM44303. If you upgraded IBM WebSphere Application Server from the original version provided with IBM Service Delivery Manager, you may be affected by the issue.
CVE ID: CVE-2012-3325 (PM71296)
DESCRIPTION: If you have installed an Interim Fix for PM44303, or a Fix Pack containing PM44303, an authenticated attacker could bypass security restrictions because of an error when validating user credentials. This could allow a user to gain unauthorized administrative access to an application and potentially gain access to confidential and critical customer data.
CVSS Base Score: 6.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/77959 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
IBM WebSphere Application Server is a part of the TivSAM image of IBM Service Delivery Manager. The versions of IBM WebSphere Application Server which have been shipped with IBM Service Delivery Manager releases are not affected by the issue.
Your IBM Service Delivery Manager installation is affected only if you have upgraded IBM WebSphere Application Server to version 126.96.36.199. For more details see the reference .
Apply IBM WebSphere Application Server Fix Pack 45 (188.8.131.52) or later.
IBM WebSphere Application Server flash
CVSS Guide: http://www.first.org/cvss/cvss-guide.html
CVSS calculator: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2