CVE-2010-2323 - OpenCVE

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Websphere Application Server Zos

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:websphere_application_server::::::::
	cpe:2.3:a:ibm:websphere_application_server:7.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:::::::*

cpe:2.3:o:ibm:zos:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/40096
http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830
http://www.vupen.com/english/advisories/2010/1411

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-06-18T18:00:00Z

Updated: 2024-09-16T17:07:59.875Z

Reserved: 2010-06-18T00:00:00Z

Link: CVE-2010-2323

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-06-18T18:30:01.157

Modified: 2010-06-24T21:05:47.327

Link: CVE-2010-2323

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-06-18T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2010-1411", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1411"}, {"name": "PM15830", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830"}, {"name": "40096", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40096"}, {"name": "PM10454", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2010-1411", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1411"}, {"name": "PM15830", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830"}, {"name": "40096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40096"}, {"name": "PM10454", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:32:16.301Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2010-1411", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1411"}, {"name": "PM15830", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830"}, {"name": "40096", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40096"}, {"name": "PM10454", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2323", "datePublished": "2010-06-18T18:00:00Z", "dateReserved": "2010-06-18T00:00:00Z", "dateUpdated": "2024-09-16T17:07:59.875Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF0E1F40-C9BA-4879-A952-51E211298D27", "versionEndIncluding": "7.0.0.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A553A6E7-64AA-41F2-9B92-4EC715C617B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9BFBDE57-3895-4841-B23C-06336A7016EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CF56870A-F9D3-4544-B63A-EFC2E82A1F7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "30B7A7B9-FCD1-4509-93CF-C5B736B04F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "C93D1CE2-1772-44C0-A8CB-73E9AA1AF6B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "90BA0923-4064-49D3-82A2-EEFC4B0F9A9C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:zos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8D60057-94B9-40DB-927D-953703552B2A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT."}, {"lang": "es", "value": "IBM WebSphere Application Server (WAS) v7.0 anteriores a v7.0.0.11 en z/OS podr\u00eda permitir a atacantes, obtener informaci\u00f3n sensible leyendo el fichero default_create.log, que est\u00e1 asociado con la creaci\u00f3n de perfiles por los trabajos BBOWWPFx y zPMT."}], "id": "CVE-2010-2323", "lastModified": "2010-06-24T21:05:47.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-06-18T18:30:01.157", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40096"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1411"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}