CVE-2009-0906

The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/36306	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27015429	Patch
http://www-1.ibm.com/support/docview.wss?uid=swg1PK86047
https://exchange.xforce.ibmcloud.com/vulnerabilities/52074

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_application_server:1.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:1.0.0.2:::::::*

History

No history.

Information

Published : 2009-08-13 18:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-0906

Mitre link : CVE-2009-0906

CVE.ORG link : CVE-2009-0906

JSON object : View

Products Affected

ibm

websphere_application_server

CWE

CWE-287

Improper Authentication

{"id": "CVE-2009-0906", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-13T18:30:00.233", "references": [{"url": "http://secunia.com/advisories/36306", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015429", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK86047", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52074", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors."}, {"lang": "es", "value": "El Service Component Architecture (SCA) \"feature pack\" para IBM WebSphere Application Server (WAS) SCA v1.0 anterior a v1.0.0.3, permite a usuarios autenticados remotamente evitar las restricciones de acceso establecidas por authentication.transport y obtener acceso no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2017-08-17T01:30:05.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFDC724-24B4-4FC2-9018-C915B4275790"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:1.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538B9F5A-5160-430B-8028-940DEE765D3C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}