Lucene search

Websphere Partner Gateway Security Vulnerabilities - January

cve

CVE-2009-0440

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital ...

6.2AI Score

0.003EPSS

2009-02-22 10:30 PM

cve

CVE-2009-0897

IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script).

5.6AI Score

0.001EPSS

2009-05-21 03:30 PM

cve

CVE-2009-2093

SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

7.9AI Score

0.002EPSS

2009-08-13 06:30 PM