CVE-2009-0507
Severity CVSS v4.0:
Pending analysis
Type:
CWE-16
Configuration Errors
Publication date:
26/02/2009
Last modified:
09/04/2025
Description
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:* | 6.1.2.2 (including) | |
| cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:* | 6.2 (including) | |
| cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/34249
- http://www-01.ibm.com/support/docview.wss?uid=swg27015580
- http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088
- http://www.vupen.com/english/advisories/2009/0670
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48892



