Lucene search

[email protected]CVE-2009-0437

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2009-0437

2009-02-1022:30:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

windows

sensitive information

exposure

cve-2009-0437

nvd

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch6.0.2

AND

microsoftwindows

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0.2

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2

References

www-1.ibm.com/support/docview.wss?uid=swg1PK67405

www.securityfocus.com/bid/33849

exchange.xforce.ibmcloud.com/vulnerabilities/48527

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-0437

prion1 cvelist1 nvd1