CVE-2009-2092

Published: Aug 13, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors.

Affected (4)

Products: Ibm: Websphere Application Server

1 product

Websphere Application Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Application Server	Version 7.0.0.1
Ibm Websphere Application Server	Version 7.0.0.3
Ibm Websphere Application Server	Version 7.0.0.4
Ibm Websphere Application Server	Version 7.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (10)

http://secunia.com/advisories/34461

Source: cve@mitre.org

http://www-01.ibm.com/support/docview.wss?uid=swg27014463

Source: cve@mitre.org

Patch

http://www-1.ibm.com/support/docview.wss?uid=swg1PK89385

Source: cve@mitre.org

http://www.securityfocus.com/bid/36155

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/52375

Source: cve@mitre.org

http://secunia.com/advisories/34461

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg27014463

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www-1.ibm.com/support/docview.wss?uid=swg1PK89385

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/36155

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/52375

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.