Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0504

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2009-0504
Last Modified 18 Feb 2009 12:00:00
Published 17 Feb 2009 12:30:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0504

Summary

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 7.0


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27014463

XF - websphere-wspolicy-information-disclosure(48700)

AIXAPAR - PK73573


Last Updated: 27 May 2016 10:50:16