Lucene search
HistoryNov 16, 2009 - 7:30 p.m.
CVE-2009-2746
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
High
EPSS
0.002
Percentile
56.3%
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Affected configurations
Node
ibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.2
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.4
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.6
ORibmwebsphere_application_serverMatch6.0.2.7
ORibmwebsphere_application_serverMatch6.0.2.8
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.10
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.12
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.14
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.16
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.18
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.20
ORibmwebsphere_application_serverMatch6.0.2.21
ORibmwebsphere_application_serverMatch6.0.2.22
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.24
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
ORibmwebsphere_application_serverMatch6.0.2.28
ORibmwebsphere_application_serverMatch6.0.2.29
ORibmwebsphere_application_serverMatch6.0.2.30
ORibmwebsphere_application_serverMatch6.0.2.31
ORibmwebsphere_application_serverMatch6.0.2.32
ORibmwebsphere_application_serverMatch6.0.2.33
ORibmwebsphere_application_serverMatch6.0.2.35
ORibmwebsphere_application_serverMatch6.0.2.37
ORibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.13
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.0.25
ORibmwebsphere_application_serverMatch6.1.0.27
ORibmwebsphere_application_serverMatch7.0
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.4
ORibmwebsphere_application_serverMatch7.0.0.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 6.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.4 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.5 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.6 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.7 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.8 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.8:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.9 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2009-11-16 19:30:00
cve
cve
CVE-2009-2746
2009-11-16 19:30:00
cvelist
cvelist
CVE-2009-2746
2009-11-16 19:00:00
nessus
nessus
IBM WebSphere Application Server < 6.1.0.29 Multiple Vulnerabilities
2011-10-31 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 7
2009-11-13 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
High
EPSS
0.002
Percentile
56.3%
Related for NVD:CVE-2009-2746