Signature Verification Flaw in IBM WebSphere Partner Gateway
CVE-2009-0440

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Partner Gateway
Vendor: CVE Published:; 22 February 2009

Summary

IBM WebSphere Partner Gateway versions from 6.0.0 to 6.0.0.7 have a vulnerability related to inadequate handling of signature verification failures. This flaw can permit remote authenticated users to craft manipulated RosettaNet documents, which may lead to unauthorized alterations of service content and potential exploitation through compromised digital signatures.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48530

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/33839

vdb-entryx_refsource_BID

http://secunia.com/advisories/33994

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 22, 2009
Vulnerability Reserved
Feb 5, 2009