Lucene search
HistoryApr 01, 2010 - 7:30 p.m.
CVE-2010-0769
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
High
EPSS
0
Percentile
5.1%
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local users to discover a KeyRingPassword password by reading a cleartext field in the resources.xml file.
Affected configurations
Node
ibmwebsphere_application_serverRangeβ€6.0.2.39
ORibmwebsphere_application_serverMatch6.0
ORibmwebsphere_application_serverMatch6.0.0.2
ORibmwebsphere_application_serverMatch6.0.0.3
ORibmwebsphere_application_serverMatch6.0.1
ORibmwebsphere_application_serverMatch6.0.1.2
ORibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.7
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.21
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
ORibmwebsphere_application_serverMatch6.0.2.29
ORibmwebsphere_application_serverMatch6.0.2.31
ORibmwebsphere_application_serverMatch6.0.2.33
ORibmwebsphere_application_serverMatch6.0.2.35
ORibmwebsphere_application_serverMatch6.0.2.37
Node
ibmwebsphere_application_serverRangeβ€6.1.0.29
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.13
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.0.25
ORibmwebsphere_application_serverMatch6.1.0.27
Node
ibmwebsphere_application_serverMatch7.0
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.5
ORibmwebsphere_application_serverMatch7.0.0.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | * | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0 | cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.0.3 | cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.1 | cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.1.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.5 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2010-0769
2010-04-01 19:30:00
seebug
seebug
IBM WebSphereεΊη¨ζε‘ε¨wsadminθζ¬ζ§θ‘δΏ‘ζ―ζ³ι²ζΌζ΄
2010-04-02 00:00:00
cvelist
cvelist
CVE-2010-0769
2010-04-01 19:00:00
prion
prion
Default credentials
2010-04-01 19:30:00
openvas
openvas
IBM WebSphere Application Server Multiple Vulnerabilities (swg27004980)
2010-04-01 00:00:00
IBM WebSphere Application Server multiple vulnerabilities
2010-04-01 00:00:00
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 9
2010-04-06 00:00:00
IBM WebSphere Application Server 6.0 < 6.0.2.41 Multiple Vulnerabilities
2010-04-06 00:00:00
IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities
2010-04-06 00:00:00
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
AI Score
5.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2010-0769