ID CVE-2009-0506
Summary Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. Per http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60223: "Note: WebSphere Application Server V6.0.2 Fix Pack 2 (6.0.2.2), Fix Pack 4 (6.0.2.4), Fix Pack 6 (6.0.2.6), Fix Pack 8 (6.0.2.8), Fix Pack 10 (6.0.2.10), Fix Pack 12 (6.0.2.12), Fix Pack 14 (6.0.2.14), Fix Pack 16 (6.0.2.16), Fix Pack 18 (6.0.2.18), Fix Pack 20 (6.0.2.20), Fix Pack 22 (6.0.2.22) and Fix Pack 24 (6.0.2.24) were only published for the z/OS® platform."
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: LOCAL
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
refmap via4
aixapar PK71143
bid 33884
confirm http://www-01.ibm.com/support/docview.wss?uid=swg27006876
xf websphere-zos-csiv2-unspecified(48886)
Last major update 08-08-2017 - 01:33
Published 25-02-2009 - 16:30
Last modified 08-08-2017 - 01:33