History: Jun 08, 2009 - 1:00 a.m.

CVE-2009-1953

2009-06-08 01:00:00
CWE-264
web.nvd.nist.gov
ibm
filenet
content manager
cve-2009-1953
websphere
application server
oracle
bea
weblogic
remote attack
credentials
authentication

AI Score: 6.7 Medium (Confidence: Low)
CVSS2: 4.6 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
EPSS: 0.002 Low (Percentile: 58.9%)

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.
