CVE-2009-0440

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Partner Gateway
Vendor: CVE Published:; 22 February 2009

Summary

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48530

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/33839

vdb-entryx_refsource_BID

http://secunia.com/advisories/33994

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 22, 2009
Vulnerability Reserved
Feb 5, 2009