Lucene search
MitreCVE-2009-2085HistoryAug 13, 2009 - 6:30 p.m.
CVE-2009-2085
2009-08-1318:30:00
CWE-287
mitre
web.nvd.nist.gov
35
ibm
websphere
application server
security
cve-2009-2085
ejb
identity assertion
csiv2
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.007
Percentile
79.6%
The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).
Affected configurations
Node
ibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.4
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.6
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.8
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.10
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.13
ORibmwebsphere_application_serverMatch6.1.0.14
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.16
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.18
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.20
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.22
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.0.24
ORibmwebsphere_application_serverMatch7.0
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 6.1 | cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0 | cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.0 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.1 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.3 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.4 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.5 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.6 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.1.0.7 | cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2009-2085
2009-08-13 18:30:00
prion
prion
Authentication flaw
2009-08-13 18:30:00
cvelist
cvelist
CVE-2009-2085
2009-08-13 18:00:00
nessus
nessus
IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities
2009-06-19 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 5
2009-08-31 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.007
Percentile
79.6%
Related for CVE-2009-2085