Unrated severityNVD Advisory· Published Dec 13, 2001· Updated Jun 16, 2026
CVE-2001-1189
CVE-2001-1189
Description
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
Affected products
11cpe:2.3:a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:3.5.3:*:*:*:*:*:*:*
- (no CPE)range: <=3.5.3
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/3682nvdPatchVendor Advisory
- www.iss.net/security_center/static/7698.phpnvdVendor Advisory
- www.securityfocus.com/archive/1/245324nvdVendor Advisory
News mentions
0No linked articles in our index yet.