CVE-2009-0434: Sensitive Information Exposure in IBM WebSphere Application Server

Severity
5.0 MEDIUM NVD
NVD 1.9
EPSS: 0.1% (top 82.16%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 10
Latest update: May 17

Description

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.

CVSS vector

AV:L/AC:M/C:P/I:N/A:N
Exploitability: 3.4 | Impact: 2.9

Affected Packages: 1 package

Vulnerability Details (4)

GHSA | GHSA-cwj6-r3ph-3rpm: PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7 | 2022-05-17
GHSA | GHSA-mc69-478q-9cxf: PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6 | 2022-05-02
CVEList | CVE-2009-0434: PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6 | 2009-02-10
CVEList | CVE-2008-5413: PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7 | 2008-12-10