QID 375703
Date Published: 2021-07-14
QID 375703: IBM WebSphere Application Server Prototype Pollution Vulnerability (6443101)
There is a vulnerability in the Dojo library used by WebSphere Application Server.
A prototype pollution flaw in Dojo could allow a remote attacker to inject arbitrary code on the system. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, the base object prototype of a JavaScript application.
Affected Versions:
WebSphere Application Server V9.0.0.0 through 9.0.5.7
WebSphere Application Server V8.5.0.0 through 8.5.5.19
WebSphere Application Server V8.0.0.0 through 8.0.0.15
WebSphere Application Server V7.0.0.0 through 7.0.0.45
QID Detection Logic (Authenticated):
This QID checks for a vulnerable version of IBM WebSphere Application Server and checks whether the patches are installed.
QID Detection Logic (Unauthenticated):
This QID matches vulnerable versions via the GIOP banner.
An attacker could exploit this vulnerability to overwrite, or pollute, the base object prototype of a JavaScript application.
6443101: www.ibm.com/support/pages/node/6443101
CVEs related to QID 375703
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| IBM Websphere(6443101) | | | |