CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2085

The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.5%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2009-2085

Ibm » Websphere Application Server » Version: 6.1

cpe:2.3:a:ibm:websphere_application_server:6.1
Ibm » Websphere Application Server » Version: 6.1.0

cpe:2.3:a:ibm:websphere_application_server:6.1.0
Ibm » Websphere Application Server » Version: 6.1.0.0

cpe:2.3:a:ibm:websphere_application_server:6.1.0.0
Ibm » Websphere Application Server » Version: 6.1.0.1

cpe:2.3:a:ibm:websphere_application_server:6.1.0.1
Ibm » Websphere Application Server » Version: 6.1.0.10

cpe:2.3:a:ibm:websphere_application_server:6.1.0.10
Ibm » Websphere Application Server » Version: 6.1.0.11

cpe:2.3:a:ibm:websphere_application_server:6.1.0.11
Ibm » Websphere Application Server » Version: 6.1.0.12

cpe:2.3:a:ibm:websphere_application_server:6.1.0.12
Ibm » Websphere Application Server » Version: 6.1.0.13

cpe:2.3:a:ibm:websphere_application_server:6.1.0.13
Ibm » Websphere Application Server » Version: 6.1.0.14

cpe:2.3:a:ibm:websphere_application_server:6.1.0.14
Ibm » Websphere Application Server » Version: 6.1.0.15

cpe:2.3:a:ibm:websphere_application_server:6.1.0.15
Ibm » Websphere Application Server » Version: 6.1.0.16

cpe:2.3:a:ibm:websphere_application_server:6.1.0.16
Ibm » Websphere Application Server » Version: 6.1.0.17

cpe:2.3:a:ibm:websphere_application_server:6.1.0.17
Ibm » Websphere Application Server » Version: 6.1.0.18

cpe:2.3:a:ibm:websphere_application_server:6.1.0.18
Ibm » Websphere Application Server » Version: 6.1.0.19

cpe:2.3:a:ibm:websphere_application_server:6.1.0.19
Ibm » Websphere Application Server » Version: 6.1.0.2

cpe:2.3:a:ibm:websphere_application_server:6.1.0.2
Ibm » Websphere Application Server » Version: 6.1.0.20

cpe:2.3:a:ibm:websphere_application_server:6.1.0.20
Ibm » Websphere Application Server » Version: 6.1.0.21

cpe:2.3:a:ibm:websphere_application_server:6.1.0.21
Ibm » Websphere Application Server » Version: 6.1.0.22

cpe:2.3:a:ibm:websphere_application_server:6.1.0.22
Ibm » Websphere Application Server » Version: 6.1.0.23

cpe:2.3:a:ibm:websphere_application_server:6.1.0.23
Ibm » Websphere Application Server » Version: 6.1.0.24

cpe:2.3:a:ibm:websphere_application_server:6.1.0.24
Ibm » Websphere Application Server » Version: 6.1.0.3

cpe:2.3:a:ibm:websphere_application_server:6.1.0.3
Ibm » Websphere Application Server » Version: 6.1.0.4

cpe:2.3:a:ibm:websphere_application_server:6.1.0.4
Ibm » Websphere Application Server » Version: 6.1.0.5

cpe:2.3:a:ibm:websphere_application_server:6.1.0.5
Ibm » Websphere Application Server » Version: 6.1.0.6

cpe:2.3:a:ibm:websphere_application_server:6.1.0.6
Ibm » Websphere Application Server » Version: 6.1.0.7

cpe:2.3:a:ibm:websphere_application_server:6.1.0.7
Ibm » Websphere Application Server » Version: 6.1.0.8

cpe:2.3:a:ibm:websphere_application_server:6.1.0.8
Ibm » Websphere Application Server » Version: 6.1.0.9

cpe:2.3:a:ibm:websphere_application_server:6.1.0.9
Ibm » Websphere Application Server » Version: 7.0

cpe:2.3:a:ibm:websphere_application_server:7.0
Ibm » Websphere Application Server » Version: 7.0.0.1

cpe:2.3:a:ibm:websphere_application_server:7.0.0.1
Ibm » Websphere Application Server » Version: 7.0.0.3

cpe:2.3:a:ibm:websphere_application_server:7.0.0.3
Ibm » Websphere Application Server » Version: 7.0.0.4

cpe:2.3:a:ibm:websphere_application_server:7.0.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-2085

Products

Pricing

Contact Us