6.5

CVE-2009-0440

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Partner Gateway Version6.0.0
IbmWebsphere Partner Gateway Version6.0.0.1
IbmWebsphere Partner Gateway Version6.0.0.2
IbmWebsphere Partner Gateway Version6.0.0.3
IbmWebsphere Partner Gateway Version6.0.0.4
IbmWebsphere Partner Gateway Version6.0.0.5
IbmWebsphere Partner Gateway Version6.0.0.6
IbmWebsphere Partner Gateway Version6.0.0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.2% 0.64
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/33994
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21330341
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231
Vendor Advisory
http://www.securityfocus.com/bid/33839
https://exchange.xforce.ibmcloud.com/vulnerabilities/48530