Lucene search

MitreCVE-2009-2093

HistoryAug 13, 2009 - 6:30 p.m.

CVE-2009-2093

2009-08-1318:30:00

CWE-89

mitre

web.nvd.nist.gov

cve-2009-2093

sql injection

ibm websphere partner gateway

nvd

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.002

Percentile

58.8%

JSON

SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

ibmwebsphere_partner_gatewayMatch6.0.0enterprise

ibmwebsphere_partner_gatewayMatch6.0.0fp7

ibmwebsphere_partner_gatewayMatch6.1.0

ibmwebsphere_partner_gatewayMatch6.1.0enterprise

ibmwebsphere_partner_gatewayMatch6.1.1

ibmwebsphere_partner_gatewayMatch6.1.1enterprise

ibmwebsphere_partner_gatewayMatch6.1.1fp1

ibmwebsphere_partner_gatewayMatch6.2

ibmwebsphere_partner_gatewayMatch6.2enterprise

VendorProductVersionCPE
ibmwebsphere_partner_gateway6.0.0cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0:*:enterprise:*:*:*:*:*
ibmwebsphere_partner_gateway6.0.0cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0:fp7:*:*:*:*:*:*
ibmwebsphere_partner_gateway6.1.0cpe:2.3:a:ibm:websphere_partner_gateway:6.1.0:*:*:*:*:*:*:*
ibmwebsphere_partner_gateway6.1.0cpe:2.3:a:ibm:websphere_partner_gateway:6.1.0:*:enterprise:*:*:*:*:*
ibmwebsphere_partner_gateway6.1.1cpe:2.3:a:ibm:websphere_partner_gateway:6.1.1:*:*:*:*:*:*:*
ibmwebsphere_partner_gateway6.1.1cpe:2.3:a:ibm:websphere_partner_gateway:6.1.1:*:enterprise:*:*:*:*:*
ibmwebsphere_partner_gateway6.1.1cpe:2.3:a:ibm:websphere_partner_gateway:6.1.1:fp1:*:*:*:*:*:*
ibmwebsphere_partner_gateway6.2cpe:2.3:a:ibm:websphere_partner_gateway:6.2:*:*:*:*:*:*:*
ibmwebsphere_partner_gateway6.2cpe:2.3:a:ibm:websphere_partner_gateway:6.2:*:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_partner_gateway	6.0.0	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0::enterprise:::::
ibm	websphere_partner_gateway	6.0.0	cpe:2.3:a:ibm:websphere_partner_gateway:6.0.0:fp7::::::
ibm	websphere_partner_gateway	6.1.0	cpe:2.3:a:ibm:websphere_partner_gateway:6.1.0:::::::*
ibm	websphere_partner_gateway	6.1.0	cpe:2.3:a:ibm:websphere_partner_gateway:6.1.0::enterprise:::::
ibm	websphere_partner_gateway	6.1.1	cpe:2.3:a:ibm:websphere_partner_gateway:6.1.1:::::::*
ibm	websphere_partner_gateway	6.1.1	cpe:2.3:a:ibm:websphere_partner_gateway:6.1.1::enterprise:::::
ibm	websphere_partner_gateway	6.1.1	cpe:2.3:a:ibm:websphere_partner_gateway:6.1.1:fp1::::::
ibm	websphere_partner_gateway	6.2	cpe:2.3:a:ibm:websphere_partner_gateway:6.2:::::::*
ibm	websphere_partner_gateway	6.2	cpe:2.3:a:ibm:websphere_partner_gateway:6.2::enterprise:::::

References

secunia.com/advisories/36295

www-01.ibm.com/support/docview.wss?uid=swg21382117

www-1.ibm.com/support/docview.wss?uid=swg1JR32386

www-1.ibm.com/support/docview.wss?uid=swg1JR32607

www-1.ibm.com/support/docview.wss?uid=swg1JR32608

www-1.ibm.com/support/docview.wss?uid=swg1JR32609

www-1.ibm.com/support/docview.wss?uid=swg1JR33176

www.vupen.com/english/advisories/2009/2292

exchange.xforce.ibmcloud.com/vulnerabilities/52393

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.002

Percentile

58.8%

JSON

Related for CVE-2009-2093