Lucene search

[email protected]NVD:CVE-2009-2748

HistoryOct 30, 2011 - 10:55 a.m.

CVE-2009-2748

2011-10-3010:55:02

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

55.1%

JSON

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.29 and 7.1 before 7.0.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.12

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch6.1.0.23

ibmwebsphere_application_serverMatch6.1.0.25

ibmwebsphere_application_serverMatch6.1.0.27

Node

ibmwebsphere_application_serverMatch7.0

ibmwebsphere_application_serverMatch7.0.0.1

ibmwebsphere_application_serverMatch7.0.0.2

ibmwebsphere_application_serverMatch7.0.0.3

ibmwebsphere_application_serverMatch7.0.0.4

ibmwebsphere_application_serverMatch7.0.0.5

ibmwebsphere_application_serverMatch7.0.0.6

VendorProductVersionCPE
ibmwebsphere_application_server6.1.0cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.0cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.1cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.2cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.5cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.7cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.9cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.11cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.12cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.15cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	6.1.0	cpe:2.3:a:ibm:websphere_application_server:6.1.0:::::::*
ibm	websphere_application_server	6.1.0.0	cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:::::::*
ibm	websphere_application_server	6.1.0.1	cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:::::::*
ibm	websphere_application_server	6.1.0.2	cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:::::::*
ibm	websphere_application_server	6.1.0.5	cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:::::::*
ibm	websphere_application_server	6.1.0.7	cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:::::::*
ibm	websphere_application_server	6.1.0.9	cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:::::::*
ibm	websphere_application_server	6.1.0.11	cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:::::::*
ibm	websphere_application_server	6.1.0.12	cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:::::::*
ibm	websphere_application_server	6.1.0.15	cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:::::::*