Vulnerability Details CVE-2009-0432
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK59108
- http://www.securityfocus.com/bid/33700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48522
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK59108
- http://www.securityfocus.com/bid/33700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48522
Products affected by CVE-2009-0432
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.13
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7
-
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9