ByteOS Network

NVD Vulnerability Details :

CVE-2009-0506

Modified

Source-cve@mitre.org

Published At-25 Feb, 2009 | 16:30

Updated At-08 Aug, 2017 | 01:33

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.2	MEDIUM	AV:L/AC:H/Au:N/C:C/I:C/A:C

CPE Matches

IBM Corporation

>>websphere_application_server>>5.1.0

cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2

cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.4

cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.6

cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.8

cpe:2.3:a:ibm:websphere_application_server:6.0.2.8:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.10

cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.12

cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.14

cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.16

cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.18

cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.20

cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.22

cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.24

cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*

IBM Corporation

>>z\/os>>*

cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

Evaluator Solution

Per http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60223: "Note: WebSphere Application Server V6.0.2 Fix Pack 2 (6.0.2.2), Fix Pack 4 (6.0.2.4), Fix Pack 6 (6.0.2.6), Fix Pack 8 (6.0.2.8), Fix Pack 10 (6.0.2.10), Fix Pack 12 (6.0.2.12), Fix Pack 14 (6.0.2.14), Fix Pack 16 (6.0.2.16), Fix Pack 18 (6.0.2.18), Fix Pack 20 (6.0.2.20), Fix Pack 22 (6.0.2.22) and Fix Pack 24 (6.0.2.24) were only published for the z/OS® platform."

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg27006876	cve@mitre.org	Patch
http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143	cve@mitre.org	N/A
http://www.securityfocus.com/bid/33884	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/48886	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History