CVE-2012-3311 : IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25,

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.

Published 2012-09-25 20:55:01

Updated 2025-04-11 00:51:22

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2012-3311

IBM » Websphere Application Server » Version: 6.1.0.0
cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0
cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.1
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.2
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.3
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.5
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.7
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.9
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.11
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.12
cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.4
cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.15
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.17
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.21
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.19
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.1
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.23
cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.4
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.3
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.25
cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.6
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.5
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.2
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.27
cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.7
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.8
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.29
cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.31
cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.9
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.33
cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.11
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.10
cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.13
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.37
cpe:2.3:a:ibm:websphere_application_server:6.1.0.37:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.35
cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.15
cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.17
cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.39
cpe:2.3:a:ibm:websphere_application_server:6.1.0.39:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 8.0.0.0
cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.41
cpe:2.3:a:ibm:websphere_application_server:6.1.0.41:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.19
cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 8.0.0.1
cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.21
cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 8.0.0.2
cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 6.1.0.43
cpe:2.3:a:ibm:websphere_application_server:6.1.0.43:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.23
cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 8.0.0.3
cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 8.5.0.0
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 8.0.0.4
cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.16
cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A
IBM » Websphere Application Server » Version: 7.0.0.14
cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Z/os » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2012-3311

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-3311

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:L/AC:M/Au:N/C:P/I:P/A:N	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-3311

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3311

http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388

IBM notice: The page you requested cannot be displayed
http://www.securityfocus.com/bid/55671

IBM WebSphere Application Server for z/OS Local Security Bypass Vulnerability
http://www.ibm.com/support/docview.wss?uid=swg21611313

IBM Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.25
Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/77697

IBM Websphere Application Server CBIND security bypass CVE-2012-3311 Vulnerability Report

Jump to

Vulnerability Details : CVE-2012-3311

Products affected by CVE-2012-3311

Exploit prediction scoring system (EPSS) score for CVE-2012-3311

CVSS scores for CVE-2012-3311

CWE ids for CVE-2012-3311

References for CVE-2012-3311