Vulnerability Database

316,422

Total vulnerabilities in the database

CVE-2009-0899

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.

Published: Jun 3, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-0899
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / integrated_solutions_console	6.0.1	6.0.1.x
ibm / websphere_application_server	6.1	6.1.0.24.x
ibm / websphere_application_server	7.0	7.0.0.4.x
ibm / websphere_portal	5.1	6.0.0.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo