CVE-2009-0504Sensitive Information Exposure in IBM Websphere Application Server

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 82.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedFeb 17
Latest updateMay 2

Description

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-g46g-49jm-3qmj: WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 72022-05-02
CVEList
CVE-2009-0504: WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 72009-02-17
CVE-2009-0504 — Sensitive Information Exposure in IBM | cvebase