CVE-2009-0906 — Improper Authentication in IBM Websphere Application Server

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedAug 13

Latest updateMay 2

Description

The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/websphere_application_server1.0, 1.0.0.2+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3368-gjw8-34fq: The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1↗2022-05-02

▶

CVEList

CVE-2009-0906: The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1↗2009-08-13

▶