CVE-2010-0769

2010-04-0119:30:00

CWE-255

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

security

keyringpassword

disclosure

vulnerability

nvd

5.9 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0.2.1
ibm:websphere_application_serveribm websphere application servereq6.0.2.5
ibm:websphere_application_serveribm websphere application serverle6.0.2.39
ibm:websphere_application_serveribm websphere application servereq6.0.0.3
ibm:websphere_application_serveribm websphere application servereq6.0.2.13
ibm:websphere_application_serveribm websphere application servereq6.0.2.9
ibm:websphere_application_serveribm websphere application servereq6.0.2.11
ibm:websphere_application_serveribm websphere application servereq6.0.2.35
ibm:websphere_application_serveribm websphere application servereq6.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.21

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.5
ibm:websphere_application_server	ibm websphere application server	le	6.0.2.39
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.13
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.9
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.11
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.35
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.21