Lucene search
MitreCVE-2009-0504HistoryFeb 17, 2009 - 5:30 p.m.
CVE-2009-0504
2009-02-1717:30:05
CWE-200
mitre
web.nvd.nist.gov
23
wspolicy
web services
ibm
websphere application server
vulnerability
security
soap
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
High
EPSS
0
Percentile
5.1%
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
Affected configurations
Node
ibmwebsphere_application_serverRange≤7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | * | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* |
Related
prion
prion
Default credentials
2009-02-17 17:30:00
nvd
nvd
CVE-2009-0504
2009-02-17 17:30:05
cvelist
cvelist
CVE-2009-0504
2009-02-17 17:00:00
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 1
2008-12-10 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVE-2009-0504