CVE-2009-0506

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.

Published: Feb 25, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0506
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	5.1.0	5.1.0.x
ibm / websphere_application_server	6.0.2	6.0.2.x
ibm / websphere_application_server	6.0.2.4	6.0.2.4.x
ibm / websphere_application_server	6.0.2.6	6.0.2.6.x
ibm / websphere_application_server	6.0.2.8	6.0.2.8.x
ibm / websphere_application_server	6.0.2.10	6.0.2.10.x
ibm / websphere_application_server	6.0.2.12	6.0.2.12.x
ibm / websphere_application_server	6.0.2.14	6.0.2.14.x
ibm / websphere_application_server	6.0.2.16	6.0.2.16.x
ibm / websphere_application_server	6.0.2.18	6.0.2.18.x
ibm / websphere_application_server	6.0.2.20	6.0.2.20.x
ibm / websphere_application_server	6.0.2.22	6.0.2.22.x
ibm / websphere_application_server	6.0.2.24	6.0.2.24.x

Vulnerability Database

290,020

CVE-2009-0506