CVE-2009-0506

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
ibmwebsphere_application_server
5.1.0
ibmwebsphere_application_server
6.0.2
ibmwebsphere_application_server
6.0.2.4
ibmwebsphere_application_server
6.0.2.6
ibmwebsphere_application_server
6.0.2.8
ibmwebsphere_application_server
6.0.2.10
ibmwebsphere_application_server
6.0.2.12
ibmwebsphere_application_server
6.0.2.14
ibmwebsphere_application_server
6.0.2.16
ibmwebsphere_application_server
6.0.2.18
ibmwebsphere_application_server
6.0.2.20
ibmwebsphere_application_server
6.0.2.22
ibmwebsphere_application_server
6.0.2.24
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143
http://www.securityfocus.com/bid/33884
https://exchange.xforce.ibmcloud.com/vulnerabilities/48886
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143
http://www.securityfocus.com/bid/33884
https://exchange.xforce.ibmcloud.com/vulnerabilities/48886