| Vulnerability Name: | CVE-2009-2093 (CCN-52393) | ||||||||
| Assigned: | 2009-07-27 | ||||||||
| Published: | 2009-07-27 | ||||||||
| Updated: | 2017-08-17 | ||||||||
| Summary: | SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-89 | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-2093 Source: CCN Type: SA36295 IBM WebSphere Partner Gateway SQL Injection Vulnerability Source: SECUNIA Type: UNKNOWN 36295 Source: CCN Type: IBM Support & downloads SQL Injection Problem with WebSphere Partner Gateway Console Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21382117 Source: AIXAPAR Type: UNKNOWN JR32386 Source: AIXAPAR Type: UNKNOWN JR32607 Source: AIXAPAR Type: UNKNOWN JR32608 Source: AIXAPAR Type: UNKNOWN JR32609 Source: AIXAPAR Type: UNKNOWN JR33176 Source: CCN Type: OSVDB ID: 57035 IBM WebSphere Partner Gateway (WPG) Unspecified SQL Injection Source: VUPEN Type: UNKNOWN ADV-2009-2292 Source: XF Type: UNKNOWN wpg-console-sql-injection(52393) Source: XF Type: UNKNOWN wpg-console-sql-injection(52393) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||