← Back

CVE-2009-0899

nvd nist
Published: Jun 3, 2009Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.

Affected (4)

Ibm
3 products
Integrated Solutions Console
Websphere Application Server
Websphere Portal
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Integrated Solutions Console
Version 6.0.1
Ibm
Websphere Application Server
From 6.1 to 6.1.0.24
Websphere Application Server
From 7.0 to 7.0.0.4
Websphere Portal
From 5.1 to 6.0.0.0

Related CWEs

CWE-264
CWE-264

References (8)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.