CVE-2009-0506

Published Feb 25, 2009

Last updated 8 years ago

CVSS info 6.2

Overview

Description: Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.2
Impact score: 10
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66DB2053-6DFD-4FF6-A6E9-444281531E24"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B68EE27-CC4F-4530-9DFE-D94171C45F64"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "810E5AEC-5C35-4962-B9BB-32D66290D1D2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CEBF289-F630-4386-8F79-5A1BF73BE6F6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A98E5593-1534-48E2-8CD5-B2D1CACDDAB8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD71D5EA-9AF5-422C-810A-D136A5F132F6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C9D6BDA-39E1-4D15-9D86-E212809998FB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F2A78FE-8FA6-4532-9E9E-CF6F860EFAE9"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63099EF9-0512-44CD-946A-9B25144E50D9"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9132BB1-5E2E-4CA6-9B63-027CF2A7229D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4421929D-C4B9-43C5-BE61-E68484D3B198"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D65E0CC-FA8C-41FD-B256-47DB0C9757FC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ibm:z\\/os:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "28A9DB7F-187D-42BA-B271-1C302E529BFB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References