CVE-2014-8890 : IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows rem

IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.

Published 2014-12-18 16:59:18

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2014-8890

IBM » Websphere Application Server » Version: 8.5.0.0
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.0.1
cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.0.2
cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.5.0
cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.5.1
cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.5.2
cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 8.5.5.3
cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-8890

Top countries where our scanners detected CVE-2014-8890

Top open port discovered on systems with this issue 9080

IPs affected by CVE-2014-8890 90

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-8890!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-8890

EPSS FAQ

1.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8890

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P	4.9	6.4	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-8890

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8890

http://www-01.ibm.com/support/docview.wss?uid=swg21690185

IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.4
Vendor Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg21963275

IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.11

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1PI29911

IBM notice: The page you requested cannot be displayed
http://www.securitytracker.com/id/1033384

IBM WebSphere Application Server ServletSecurity Flaw Lets Remote Users Access the Target System - SecurityTracker
http://www.securityfocus.com/bid/71834

IBM WebSphere Application Server CVE-2014-8890 Remote Privilege Escalation Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/99009

IBM WebSphere Application Server for Liberty privilege escalation CVE-2014-8890 Vulnerability Report