Описание
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00433
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
EPSS
Процентиль: 62%
0.00433
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-287