CVE-2009-0506

EUVD-2009-0510
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
5.1.0
ibmwebsphere_application_server
6.0.2
ibmwebsphere_application_server
6.0.2.4
ibmwebsphere_application_server
6.0.2.6
ibmwebsphere_application_server
6.0.2.8
ibmwebsphere_application_server
6.0.2.10
ibmwebsphere_application_server
6.0.2.12
ibmwebsphere_application_server
6.0.2.14
ibmwebsphere_application_server
6.0.2.16
ibmwebsphere_application_server
6.0.2.18
ibmwebsphere_application_server
6.0.2.20
ibmwebsphere_application_server
6.0.2.22
ibmwebsphere_application_server
6.0.2.24
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143
http://www.securityfocus.com/bid/33884
https://exchange.xforce.ibmcloud.com/vulnerabilities/48886
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143
http://www.securityfocus.com/bid/33884
https://exchange.xforce.ibmcloud.com/vulnerabilities/48886