{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-25T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2009-0670", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0670"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015580"}, {"name": "websphere-process-server-info-disclosure(48892)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48892"}, {"name": "JR30088", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088"}, {"name": "34249", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34249"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0507", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2009-0670", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0670"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27015580", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015580"}, {"name": "websphere-process-server-info-disclosure(48892)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48892"}, {"name": "JR30088", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088"}, {"name": "34249", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34249"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:03.551Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2009-0670", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0670"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015580"}, {"name": "websphere-process-server-info-disclosure(48892)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48892"}, {"name": "JR30088", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088"}, {"name": "34249", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34249"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0507", "datePublished": "2009-02-26T16:00:00.000Z", "dateReserved": "2009-02-10T00:00:00.000Z", "dateUpdated": "2024-08-07T04:40:03.551Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B6EE919-5BD1-4F77-9869-A3B7EC38B220", "versionEndIncluding": "6.1.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BD7097A-FBE2-432C-8A76-426181C8F6A5", "versionEndIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "07586269-73DA-4189-B0BD-95D4B0091FAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D43CB11-E506-4014-899E-417BDF7E0929", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member."}, {"lang": "es", "value": "IBM WebSphere Process Server (WPS) v6.1.2 anteriores v6.1.2.3 y v6.2 anteriores a v6.2.1.0 no restringen apropiadamente los datos de configuraci\u00f3n durante una exportaci\u00f3n del archivo de configuraci\u00f3n en cluster desde la consola de administraci\u00f3n, lo que permite a usuarios remotos autenticados obtener (1) informaci\u00f3n JMSAPI y (2) informaci\u00f3n de sesi\u00f3n del correo a trav\u00e9s de vectores que implica el acceso a un componente del cluster."}], "id": "CVE-2009-0507", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-26T16:17:19.843", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34249"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015580"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0670"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR30088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48892"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}