Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1953

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2009-1953
Last Modified 29 Jan 2013 12:00:00
Published 07 Jun 2009 09:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2009-1953

Summary

IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to obtain access with the credentials of a recently authenticated user via unspecified vectors.

Vulnerable Systems

Application

  • Ibm Filenet Content Manager 4.0

  • Ibm Filenet Content Manager 4.0.1

  • Ibm Filenet Content Manager 4.5

  • Ibm Websphere Application Server

  • Oracle Weblogic Application Server


References

VUPEN - ADV-2009-1512

BID - 35228

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21389281

SECUNIA - 35347


Last Updated: 27 May 2016 10:50:44