exploitDog

CVE-2009-0504

Опубликовано: 17 фев. 2009

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK73573
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/48700
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK73573
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/48700

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Версия до 7.0 (включая)

EPSS

Процентиль: 17%

0.00054

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-g46g-49jm-3qmj

github

почти 4 года назад

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

EPSS

Процентиль: 17%

0.00054

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200