CVE-2009-1900

high

Description

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/52077

https://exchange.xforce.ibmcloud.com/vulnerabilities/51171

http://www.vupen.com/english/advisories/2009/1464

http://www.securityfocus.com/bid/35405

http://www-1.ibm.com/support/docview.wss?uid=swg1PK84999

http://www-01.ibm.com/support/docview.wss?uid=swg27014463

http://www-01.ibm.com/support/docview.wss?uid=swg27007951

http://www-01.ibm.com/support/docview.wss?uid=swg27006876

http://secunia.com/advisories/35301

Details

Source: Mitre, NVD

Published: 2009-06-03

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High