CVE-2010-0769 — IBM Websphere Application Server vulnerability

CWE-2553 documents3 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 82.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedApr 1

Latest updateMay 2

Description

IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server6.0.2.39+47

🔴Vulnerability Details

GHSA

GHSA-rrh8-mmjf-r99f: IBM WebSphere Application Server (WAS) 6↗2022-05-02

▶

CVEList

CVE-2010-0769: IBM WebSphere Application Server (WAS) 6↗2010-04-01

▶