4
CVE-2009-0507
- EPSS 1%
- Veröffentlicht 26.02.2009 16:17:19
- Zuletzt bearbeitet 16.06.2026 23:05:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Websphere Process Server Version <= 6.1.2.2
Ibm ≫ Websphere Process Server Version <= 6.2
Ibm ≫ Websphere Process Server Version6.1.2
Ibm ≫ Websphere Process Server Version6.1.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1% | 0.584 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
http://secunia.com/advisories/34249
http://www-01.ibm.com/support/docview.wss?uid=swg27015580
http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088
http://www.vupen.com/english/advisories/2009/0670
https://exchange.xforce.ibmcloud.com/vulnerabilities/48892