CVE-2009-0904

The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
ibmwebsphere_application_server
6.1
ibmwebsphere_application_server
6.1.0
ibmwebsphere_application_server
6.1.0.1
ibmwebsphere_application_server
6.1.0.2
ibmwebsphere_application_server
6.1.0.3
ibmwebsphere_application_server
6.1.0.4
ibmwebsphere_application_server
6.1.0.5
ibmwebsphere_application_server
6.1.0.6
ibmwebsphere_application_server
6.1.0.7
ibmwebsphere_application_server
6.1.0.8
ibmwebsphere_application_server
6.1.0.9
ibmwebsphere_application_server
6.1.0.10
ibmwebsphere_application_server
6.1.0.11
ibmwebsphere_application_server
6.1.0.12
ibmwebsphere_application_server
6.1.0.13
ibmwebsphere_application_server
6.1.0.14
ibmwebsphere_application_server
6.1.0.15
ibmwebsphere_application_server
6.1.0.16
ibmwebsphere_application_server
6.1.0.17
ibmwebsphere_application_server
6.1.0.18
ibmwebsphere_application_server
6.1.0.19
ibmwebsphere_application_server
6.1.0.20
ibmwebsphere_application_server
6.1.0.21
ibmwebsphere_application_server
6.1.0.22
ibmwebsphere_application_server
6.1.0.23
ibmwebsphere_application_server
6.1.1
ibmwebsphere_application_server
6.1.13
ibmwebsphere_application_server
6.1.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-1.ibm.com/support/docview.wss?uid=swg1PK84015
http://www.securityfocus.com/bid/35741
https://exchange.xforce.ibmcloud.com/vulnerabilities/51490
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-1.ibm.com/support/docview.wss?uid=swg1PK84015
http://www.securityfocus.com/bid/35741
https://exchange.xforce.ibmcloud.com/vulnerabilities/51490