Lucene search

[email protected]CVE-2009-1899

HistoryJun 03, 2009 - 5:00 p.m.

CVE-2009-1899

2009-06-0317:00:00

[email protected]

web.nvd.nist.gov

cve-2009-1899

ibm websphere

application server

security vulnerability

information disclosure

z/os

nvd

5.5 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a “security exposure in wsadmin.”

Affected configurations

NVD

Node

ibmwebsphere_application_serverRange≤6.0.2.33

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

ibmwebsphere_application_serverMatch6.0.2.8

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.10

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.12

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.14

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.16

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.18

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.20

ibmwebsphere_application_serverMatch6.0.2.21

ibmwebsphere_application_serverMatch6.0.2.22

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.24

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

ibmwebsphere_application_serverMatch6.0.2.28

ibmwebsphere_application_serverMatch6.0.2.29

ibmwebsphere_application_serverMatch6.0.2.30

ibmwebsphere_application_serverMatch6.0.2.31

ibmwebsphere_application_serverMatch6.0.2.32

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application serverle6.0.2.33
ibm:websphere_application_serveribm websphere application servereq6.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.1
ibm:websphere_application_serveribm websphere application servereq6.0.2.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.3
ibm:websphere_application_serveribm websphere application servereq6.0.2.4
ibm:websphere_application_serveribm websphere application servereq6.0.2.5
ibm:websphere_application_serveribm websphere application servereq6.0.2.6
ibm:websphere_application_serveribm websphere application servereq6.0.2.7
ibm:websphere_application_serveribm websphere application servereq6.0.2.8

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	le	6.0.2.33
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.4
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.5
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.6
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.7
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.8

Rows per page:

1-10 of 331

References

secunia.com/advisories/35301

www-01.ibm.com/support/docview.wss?uid=swg27006876

www-01.ibm.com/support/docview.wss?uid=swg27007951

www-01.ibm.com/support/docview.wss?uid=swg27014463

www-1.ibm.com/support/docview.wss?uid=swg1PK77495

www.securityfocus.com/bid/35405

www.vupen.com/english/advisories/2009/1464

exchange.xforce.ibmcloud.com/vulnerabilities/51172

exchange.xforce.ibmcloud.com/vulnerabilities/52075

5.5 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2009-1899

cvelist1 prion1 nvd2 cve1 nessus3