CVE-2008-0402 - OpenCVE

Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Websphere Business Modeler

Configuration 1 [-]

OR	cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1::advanced:::::
	cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1::basic:::::

No data.

References

Link	Providers
http://secunia.com/advisories/28586
http://www-1.ibm.com/support/docview.wss?uid=swg24018060
http://www-1.ibm.com/support/docview.wss?uid=swg24018061
http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only
http://www.securityfocus.com/bid/27389
http://www.securitytracker.com/id?1019252
http://www.vupen.com/english/advisories/2008/0254
https://exchange.xforce.ibmcloud.com/vulnerabilities/39830

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-23T11:00:00

Updated: 2024-08-07T07:46:55.050Z

Reserved: 2008-01-22T00:00:00

Link: CVE-2008-0402

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-23T12:00:00.000

Modified: 2017-08-08T01:29:31.947

Link: CVE-2008-0402

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "websphere-repository-weak-security(39830)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"}, {"name": "28586", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28586"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"}, {"name": "JR28175", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"}, {"name": "ADV-2008-0254", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0254"}, {"name": "1019252", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019252"}, {"name": "27389", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27389"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0402", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "websphere-repository-weak-security(39830)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"}, {"name": "28586", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28586"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"}, {"name": "JR28175", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"}, {"name": "ADV-2008-0254", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0254"}, {"name": "1019252", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019252"}, {"name": "27389", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27389"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:46:55.050Z"}, "title": "CVE Program Container", "references": [{"name": "websphere-repository-weak-security(39830)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"}, {"name": "28586", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28586"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"}, {"name": "JR28175", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"}, {"name": "ADV-2008-0254", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0254"}, {"name": "1019252", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019252"}, {"name": "27389", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27389"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0402", "datePublished": "2008-01-23T11:00:00", "dateReserved": "2008-01-22T00:00:00", "dateUpdated": "2024-08-07T07:46:55.050Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:advanced:*:*:*:*:*", "matchCriteriaId": "C6D2FBE7-9647-43C0-B9C9-BBF65C2DDA4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:basic:*:*:*:*:*", "matchCriteriaId": "F08393EA-AA31-41C0-9259-27D5F008E65D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group."}, {"lang": "es", "value": "Vulnerabilidad no especificada en IBM WebSphere Business Modeler Basic y Advanced 6.0.2.1 anterior a Interim Fix 11 permite a usuarios remotos validados evitar intenciones las restricciones de acceso intencionada y borrar recursos del repositorio de su elecci\u00f3n a trav\u00e9s de vectores desconocidos, incluso cuando no son administradores o miembros del grupo al que pertenece el respositorio."}], "id": "CVE-2008-0402", "lastModified": "2017-08-08T01:29:31.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-23T12:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28586"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27389"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019252"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0254"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}