CVE-2009-0906

{"id": "CVE-2009-0906", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-13T18:30:00.233", "references": [{"url": "http://secunia.com/advisories/36306", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015429", "tags": ["Patch"], "source": "[email protected]"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK86047", "source": "[email protected]"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52074", "source": "[email protected]"}, {"url": "http://secunia.com/advisories/36306", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015429", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK86047", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52074", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors."}, {"lang": "es", "value": "El Service Component Architecture (SCA) \"feature pack\" para IBM WebSphere Application Server (WAS) SCA v1.0 anterior a v1.0.0.3, permite a usuarios autenticados remotamente evitar las restricciones de acceso establecidas por authentication.transport y obtener acceso no especificado a trav\u00e9s de vectores desconocidos."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFDC724-24B4-4FC2-9018-C915B4275790"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:1.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538B9F5A-5160-430B-8028-940DEE765D3C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}