CVE-2010-0769

Опубликовано: 01 апр. 2010

Источник: nvd

CVSS2: 1.9

EPSS Низкий

Описание

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Версия до 6.0.2.39 (включая)

cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.0.2.37:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

Версия до 6.1.0.29 (включая)

cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

1.9 Low

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-rrh8-mmjf-r99f

github

почти 4 года назад

EPSS

Процентиль: 17%

0.00054

Низкий

1.9 Low

CVSS2

Дефекты

CWE-255