Vulnerability CVE-2009-0507
Published: 2009-02-26   Modified: 2012-02-13

Description:
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Type:

CWE-16

 (Configuration)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
IBM -> Websphere process server 

 References:
http://xforce.iss.net/xforce/xfdb/48892
http://www.vupen.com/english/advisories/2009/0670
http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088
http://www-01.ibm.com/support/docview.wss?uid=swg27015580
http://secunia.com/advisories/34249
Copyright 2024, cxsecurity.com

 

Back to Top