CVE-2009-0432

EUVD-2009-0436
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
6.1.0.1
ibmwebsphere_application_server
6.1.0.2
ibmwebsphere_application_server
6.1.0.3
ibmwebsphere_application_server
6.1.0.5
ibmwebsphere_application_server
6.1.0.7
ibmwebsphere_application_server
6.1.0.9
ibmwebsphere_application_server
6.1.0.11
ibmwebsphere_application_server
6.1.0.13
ibmwebsphere_application_server
6.1.0.15
ibmwebsphere_application_server
6.1.0.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-1.ibm.com/support/docview.wss?uid=swg1PK59108
http://www.securityfocus.com/bid/33700
https://exchange.xforce.ibmcloud.com/vulnerabilities/48522
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-1.ibm.com/support/docview.wss?uid=swg1PK59108
http://www.securityfocus.com/bid/33700
https://exchange.xforce.ibmcloud.com/vulnerabilities/48522