CVE-2009-0899
Published Jun 3, 2009
Last updated 6 years ago
Overview
- Description
- IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:integrated_solutions_console:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "767F0F9A-B9C9-46DB-855D-1ADA1089C073"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73FB17BC-7C69-4F4F-A343-48FD7E78AA8B",
"versionEndIncluding": "6.1.0.24",
"versionStartIncluding": "6.1"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B05A31C2-4115-4398-BBD8-979CF465D340",
"versionEndIncluding": "7.0.0.4",
"versionStartIncluding": "7.0"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "612E369F-B0DA-4863-B76B-C3DD6283DAC2",
"versionEndExcluding": "6.0.0.0",
"versionStartIncluding": "5.1"
}
],
"operator": "OR"
}
]
}
]