CVE-2009-1900

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
ibmwebsphere_application_server
𝑥
≤ 6.0.2.33
ibmwebsphere_application_server
6.0.2
ibmwebsphere_application_server
6.0.2.1
ibmwebsphere_application_server
6.0.2.2
ibmwebsphere_application_server
6.0.2.3
ibmwebsphere_application_server
6.0.2.4
ibmwebsphere_application_server
6.0.2.5
ibmwebsphere_application_server
6.0.2.6
ibmwebsphere_application_server
6.0.2.7
ibmwebsphere_application_server
6.0.2.8
ibmwebsphere_application_server
6.0.2.9
ibmwebsphere_application_server
6.0.2.10
ibmwebsphere_application_server
6.0.2.11
ibmwebsphere_application_server
6.0.2.12
ibmwebsphere_application_server
6.0.2.13
ibmwebsphere_application_server
6.0.2.14
ibmwebsphere_application_server
6.0.2.15
ibmwebsphere_application_server
6.0.2.16
ibmwebsphere_application_server
6.0.2.17
ibmwebsphere_application_server
6.0.2.18
ibmwebsphere_application_server
6.0.2.19
ibmwebsphere_application_server
6.0.2.20
ibmwebsphere_application_server
6.0.2.21
ibmwebsphere_application_server
6.0.2.22
ibmwebsphere_application_server
6.0.2.23
ibmwebsphere_application_server
6.0.2.24
ibmwebsphere_application_server
6.0.2.25
ibmwebsphere_application_server
6.0.2.27
ibmwebsphere_application_server
6.0.2.28
ibmwebsphere_application_server
6.0.2.29
ibmwebsphere_application_server
6.0.2.30
ibmwebsphere_application_server
6.0.2.31
ibmwebsphere_application_server
6.0.2.32
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35301
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www-1.ibm.com/support/docview.wss?uid=swg1PK84999
http://www.securityfocus.com/bid/35405
http://www.vupen.com/english/advisories/2009/1464
https://exchange.xforce.ibmcloud.com/vulnerabilities/51171
https://exchange.xforce.ibmcloud.com/vulnerabilities/52077
http://secunia.com/advisories/35301
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www-1.ibm.com/support/docview.wss?uid=swg1PK84999
http://www.securityfocus.com/bid/35405
http://www.vupen.com/english/advisories/2009/1464
https://exchange.xforce.ibmcloud.com/vulnerabilities/51171
https://exchange.xforce.ibmcloud.com/vulnerabilities/52077