4

CVE-2009-0507

EPSS 0.27%
Published 26.02.2009 16:17:19
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Websphere Process Server Version <= 6.1.2.2

Ibm ≫ Websphere Process Server Version <= 6.2

Ibm ≫ Websphere Process Server Version6.1.2

Ibm ≫ Websphere Process Server Version6.1.2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.472

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

http://secunia.com/advisories/34249

http://www-01.ibm.com/support/docview.wss?uid=swg27015580

http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088

Vendor Advisory

http://www.vupen.com/english/advisories/2009/0670

https://exchange.xforce.ibmcloud.com/vulnerabilities/48892

https://nvd.nist.gov/vuln/detail/CVE-2009-0507

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0507

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0507

EUVD