CVE-2009-0432 — IBM Websphere Application Server vulnerability

CWE-163 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 44.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedFeb 10

Latest updateMay 2

Description

The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server10 versions+9

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2c4w-ch79-9223: The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6↗2022-05-02

▶

CVEList

CVE-2009-0432: The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6↗2009-02-10

▶