CVE-2009-1953

Опубликовано: 08 июн. 2009

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Ссылки

http://secunia.com/advisories/35347
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21389281
Vendor Advisory
http://www.securityfocus.com/bid/35228
http://www.vupen.com/english/advisories/2009/1512
http://secunia.com/advisories/35347
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21389281
Vendor Advisory
http://www.securityfocus.com/bid/35228
http://www.vupen.com/english/advisories/2009/1512

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:filenet_content_manager:4.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:filenet_content_manager:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:filenet_content_manager:4.5:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00554

Низкий

4.6 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-jc3c-whr2-jgwr

github

почти 4 года назад