Improper Configuration Data Restriction in IBM WebSphere Process Server
CVE-2009-0507

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Process Server
Vendor: CVE Published:; 26 February 2009

What is CVE-2009-0507?

IBM WebSphere Process Server versions 6.1.2 prior to 6.1.2.3 and 6.2 prior to 6.2.0.1 have a vulnerability that allows remote authenticated users to access sensitive configuration data. This issue arises from insufficient restrictions on exported cluster configuration files through the administrative console, resulting in the exposure of cleartext passwords for JMSAPI, ESCALATION, and MAILSESSION components. Attackers with valid credentials can exploit this vulnerability to glean sensitive information, posing a significant security risk.

References

http://www.vupen.com/english/advisories/2009/0670

vdb-entryx_refsource_VUPEN

http://www-01.ibm.com/support/docview.wss?uid=swg27015580

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/48892

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2009
Vulnerability Reserved
Feb 10, 2009