CVE-2009-0507

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Process Server
Vendor: CVE Published:; 26 February 2009

Summary

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

References

http://www.vupen.com/english/advisories/2009/0670

vdb-entryx_refsource_VUPEN

http://www-01.ibm.com/support/docview.wss?uid=swg27015580

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/48892

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 26, 2009
Vulnerability Reserved
Feb 10, 2009