Vulnerability Name: CVE-2009-0506 (CCN-48886)
Assigned: 2009-02-24
Published: 2009-02-24
Updated: 2017-08-08
Summary: Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. Per http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60223: "Note: WebSphere Application Server V6.0.2 Fix Pack 2 (6.0.2.2), Fix Pack 4 (6.0.2.4), Fix Pack 6 (6.0.2.6), Fix Pack 8 (6.0.2.8), Fix Pack 10 (6.0.2.10), Fix Pack 12 (6.0.2.12), Fix Pack 14 (6.0.2.14), Fix Pack 16 (6.0.2.16), Fix Pack 18 (6.0.2.18), Fix Pack 20 (6.0.2.20), Fix Pack 22 (6.0.2.22) and Fix Pack 24 (6.0.2.24) were only published for the z/OS® platform."
CVSS v3 Severity:
  4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
  4.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  2.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Other
References:
  Source: MITRE Type: CNA CVE-2009-0506
  Source: CCN Type: SA34038 IBM WebSphere Application Server for z/OS Unspecified Vulnerability
  Source: CCN Type: IBM Web site WebSphere Application Server for z/OS
  Source: CCN Type: IBM Support & downloads APAR/PTF table for WebSphere Application Server V6.0.1 for z/OS
  Source: CONFIRM Type: Patch http://www-01.ibm.com/support/docview.wss?uid=swg27006876
  Source: AIXAPAR Type: UNKNOWN PK71143
  Source: CCN Type: OSVDB ID: 52608 IBM WebSphere Application Server (WAS) for z/OS CSIv2 Identity Assertion / JEB Functionality Unspecified Local Issue
  Source: BID Type: UNKNOWN 33884
  Source: CCN Type: BID-33884 IBM WebSphere Application z/OS CSLv2 Identity Assertion Unspecified Local Vulnerability
  Source: XF Type: UNKNOWN websphere-zos-csiv2-unspecified(48886)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable