4.6

CVE-2009-1953

EPSS 0.55%
Published 08.06.2009 01:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Filenet Content Manager Version4.0

Ibm ≫ Filenet Content Manager Version4.0.1

Ibm ≫ Filenet Content Manager Version4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.55%	0.654

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

http://secunia.com/advisories/35347

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21389281

Vendor Advisory

http://www.securityfocus.com/bid/35228

http://www.vupen.com/english/advisories/2009/1512

https://nvd.nist.gov/vuln/detail/CVE-2009-1953

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1953

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1953

EUVD