CVE-2009-0507
Published Feb 26, 2009
Last updated 7 years ago
Overview
- Description: IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 4
- Impact score: 2.9
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-16
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "operator": "OR",
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B6EE919-5BD1-4F77-9869-A3B7EC38B220", "versionEndIncluding": "6.1.2.2" },
          { "criteria": "cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BD7097A-FBE2-432C-8A76-426181C8F6A5", "versionEndIncluding": "6.2" },
          { "criteria": "cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07586269-73DA-4189-B0BD-95D4B0091FAD" },
          { "criteria": "cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D43CB11-E506-4014-899E-417BDF7E0929" }
        ]
      }
    ]
  }
]