Lucene search

[email protected]CVE-2009-0506

HistoryFeb 25, 2009 - 4:30 p.m.

CVE-2009-0506

2009-02-2516:30:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2009-0506

ibm

websphere

application server

was

vulnerabilty

csiv2 identity assertion

ejb

z/os

6.2 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq5.1.0
ibm:websphere_application_serveribm websphere application servereq6.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.4
ibm:websphere_application_serveribm websphere application servereq6.0.2.6
ibm:websphere_application_serveribm websphere application servereq6.0.2.8
ibm:websphere_application_serveribm websphere application servereq6.0.2.10
ibm:websphere_application_serveribm websphere application servereq6.0.2.12
ibm:websphere_application_serveribm websphere application servereq6.0.2.14
ibm:websphere_application_serveribm websphere application servereq6.0.2.16
ibm:websphere_application_serveribm websphere application servereq6.0.2.18

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	5.1.0
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.4
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.6
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.8
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.10
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.12
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.14
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.16
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.18

Rows per page:

1-10 of 131

References

www-01.ibm.com/support/docview.wss?uid=swg27006876

www-1.ibm.com/support/docview.wss?uid=swg1PK71143

www.securityfocus.com/bid/33884

exchange.xforce.ibmcloud.com/vulnerabilities/48886

6.2 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2009-0506

prion1 cvelist1 nessus1