CVE-2009-1173 — IBM Websphere Application Server vulnerability

CWE-2646 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 83.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMar 31

Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server7.0.0.13+138

Patches

Patch: www-01.ibm.com ↗Patch: www.vupen.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vj5c-g6v8-g74w: The installer in IBM WebSphere Application Server (WAS) before 7↗2022-05-17

▶

GHSA

GHSA-j62f-893w-g6cp: IBM WebSphere Application Server (WAS) 7↗2022-05-02

▶

CVEList

CVE-2011-1307: The installer in IBM WebSphere Application Server (WAS) before 7↗2011-03-08

▶

CVEList

CVE-2009-1173: IBM WebSphere Application Server (WAS) 7↗2009-03-31

▶