4

CVE-2009-0507

EPSS 0.27%
Veröffentlicht 26.02.2009 16:17:19
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Websphere Process Server Version <= 6.1.2.2

Ibm ≫ Websphere Process Server Version <= 6.2

Ibm ≫ Websphere Process Server Version6.1.2

Ibm ≫ Websphere Process Server Version6.1.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.472

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

http://secunia.com/advisories/34249

http://www-01.ibm.com/support/docview.wss?uid=swg27015580

http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088

Vendor Advisory

http://www.vupen.com/english/advisories/2009/0670

https://exchange.xforce.ibmcloud.com/vulnerabilities/48892

https://nvd.nist.gov/vuln/detail/CVE-2009-0507

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0507

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0507

EUVD