LiveActive security incident?Get immediate response
CVE Record

CVE-2011-4889: The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere App...

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

Some IBM WebSphere Application Server deployments may fail to fully update user passwords when using Virtual Member Manager with Tivoli Directory Server. In that state, someone who knows a user's old password may still access an application after the password was changed.

Executive priority

Treat as a targeted legacy-platform risk. Prioritize if WebSphere still protects sensitive applications and uses Tivoli Directory Server, because password changes may not reliably remove access for former credential holders.

Technical view

The issue affects IBM WebSphere Application Server 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 in configurations using VMM with Tivoli Directory Server. The referenced AttributeInUseException handling can leave password updates ineffective, enabling access with stale credentials.

Likely exposure

Exposure is likely limited to legacy WebSphere deployments using Virtual Member Manager integrated with Tivoli Directory Server. Organizations not running those WAS versions or that directory configuration are not indicated as affected by the supplied sources.

Exploitation context

The source bundle does not show CISA KEV listing, public exploitation, CVSS, or exploit details. The practical risk depends on an attacker already knowing an old password for a valid application account.

Researcher notes

Evidence is limited to the CVE description and IBM references. No CWE, CVSS, or exploit status is supplied. Scope should be verified by product version and VMM/Tivoli Directory Server configuration before escalation.

Mitigation direction

  • Upgrade affected WAS 6.1 systems to 6.1.0.43 or later.
  • Upgrade affected WAS 7.0 systems to 7.0.0.21 or later.
  • Upgrade affected WAS 8.0 systems to 8.0.0.2 or later.
  • Review IBM guidance for applicable fixes and deployment-specific instructions.
  • After remediation, rotate passwords for potentially affected accounts.

Validation and detection

  • Inventory WebSphere Application Server versions across legacy environments.
  • Confirm whether Virtual Member Manager uses Tivoli Directory Server.
  • Review recent password-change workflows for affected applications.
  • Check authentication logs for access after password changes.
  • Validate remediation using an authorized test account only.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

description · low confidence lookup

Credential and access behavior lookup

The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2011-4889 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.