CVE-2009-0899

Опубликовано: 03 июн. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg21375859
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134
Vendor Advisory
http://www.securityfocus.com/bid/35406
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50882
Third Party Advisory
VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21375859
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK78134
Vendor Advisory
http://www.securityfocus.com/bid/35406
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50882
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:integrated_solutions_console:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Версия от 6.1 (включая) до 6.1.0.24 (включая)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 7.0.0.4 (включая)

cpe:2.3:a:ibm:websphere_portal:*:*:*:*:*:*:*:*

Версия от 5.1 (включая) до 6.0.0.0 (исключая)

EPSS

Процентиль: 56%

0.00341

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-rjqp-cxwg-rwxv

github

почти 4 года назад