CVE-2009-0899 — IBM Websphere Portal vulnerability

CWE-2643 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 43.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Portal IBM Websphere Application Server IBM Integrated Solutions Console

Timeline

PublishedJun 3

Latest updateMay 2

Description

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDibm/websphere_application_server6.1 — 6.1.0.24+1

▶NVDibm/websphere_portal5.1 — 6.0.0.0

▶NVDibm/integrated_solutions_console6.0.1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rjqp-cxwg-rwxv: IBM WebSphere Application Server (WAS) 6↗2022-05-02

▶

CVEList

CVE-2009-0899: IBM WebSphere Application Server (WAS) 6↗2009-06-03

▶