CVE-2009-0507

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Published: Feb 26, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0507
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-16

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
ibm / websphere_process_server	6.1.2	6.1.2.x
ibm / websphere_process_server	-	6.1.2.2.x
ibm / websphere_process_server	6.1.2.1	6.1.2.1.x
ibm / websphere_process_server	-	6.2.x

http://secunia.com/advisories/34249
http://www-01.ibm.com/support/docview.wss?uid=swg27015580
http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088
http://www.vupen.com/english/advisories/2009/0670
https://exchange.xforce.ibmcloud.com/vulnerabilities/48892

Vulnerability Database

290,278

CVE-2009-0507