Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0507

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2009-0507
Last Modified 16 May 2009 01:29:49
Published 26 Feb 2009 11:17:19
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0507

Summary

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Vulnerable Systems

Application

  • Ibm Websphere Process Server 6.1.2

  • Ibm Websphere Process Server 6.1.2.1

  • Ibm Websphere Process Server 6.1.2.2

  • Ibm Websphere Process Server 6.2


References

XF - websphere-process-server-info-disclosure(48892)

VUPEN - ADV-2009-0670

AIXAPAR - JR30088

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27015580

SECUNIA - 34249


Last Updated: 27 May 2016 10:50:16