CVE-2009-2747

2011-10-3010:55:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

jndi

cve-2009-2747

security vulnerability

5.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.7%

JSON

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0.2.1
ibm:websphere_application_serveribm websphere application servereq6.0.2.5
ibm:websphere_application_serveribm websphere application servereq6.0.0.3
ibm:websphere_application_serveribm websphere application servereq6.0.1.15
ibm:websphere_application_serveribm websphere application servereq6.0.1.3
ibm:websphere_application_serveribm websphere application servereq6.0.2.13
ibm:websphere_application_serveribm websphere application servereq6.0.2.9
ibm:websphere_application_serveribm websphere application servereq6.0.1.11
ibm:websphere_application_serveribm websphere application servereq6.0.2.28
ibm:websphere_application_serveribm websphere application servereq6.0.2.11

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.5
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.15
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.13
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.9
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.11
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.28
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.11