Configuration

CVE-2009-0507

Medium

4/10

Summary

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

Published Feb 26, 2009

Configuration

CVE-2009-0507

Summary

CWE-16 - Configuration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS