4

CVE-2009-0507

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Process Server Version <= 6.1.2.2
IbmWebsphere Process Server Version <= 6.2
IbmWebsphere Process Server Version6.1.2
IbmWebsphere Process Server Version6.1.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1% 0.584
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/34249
http://www-01.ibm.com/support/docview.wss?uid=swg27015580
http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0670
https://exchange.xforce.ibmcloud.com/vulnerabilities/48892