4.6

CVE-2009-1953

EPSS 0.55%
Veröffentlicht 08.06.2009 01:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Filenet Content Manager Version4.0

Ibm ≫ Filenet Content Manager Version4.0.1

Ibm ≫ Filenet Content Manager Version4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.654

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

http://secunia.com/advisories/35347

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21389281

Vendor Advisory

http://www.securityfocus.com/bid/35228

http://www.vupen.com/english/advisories/2009/1512

https://nvd.nist.gov/vuln/detail/CVE-2009-1953

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1953

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1953

EUVD