What is the severity of CVE-2009-0899?

CVE-2009-0899 has been rated as a moderate severity vulnerability.

How do I fix CVE-2009-0899?

To fix CVE-2009-0899, upgrade to the latest version of the affected IBM software that addresses this vulnerability.

What software versions are affected by CVE-2009-0899?

CVE-2009-0899 affects IBM WebSphere Application Server versions 6.1 to 6.1.0.24 and 7.0 to 7.0.0.4, IBM WebSphere Portal Server versions 5.1 to 6.0, and IBM Integrated Solutions Console version 6.0.1.

What is the impact of CVE-2009-0899?

The impact of CVE-2009-0899 can potentially allow unauthorized access due to misconfiguration of the security settings.

Who is responsible for addressing CVE-2009-0899?

It is the responsibility of organizations using the affected IBM products to ensure they apply necessary updates to mitigate CVE-2009-0899.

Vulnerability/
CVE-2009-0899

medium

4.3

CWE

264

3/6/2009

8/11/2018

CVE-2009-0899

First published: Wed Jun 03 2009(Updated: )

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
IBM Integrated Solutions Console	=6.0.1
IBM WebSphere Application Server with Web Server Plug-ins	>=6.1<=6.1.0.24
IBM WebSphere Application Server with Web Server Plug-ins	>=7.0<=7.0.0.4
IBM WebSphere Portal	>=5.1<6.0.0.0

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21375859

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-0899?
CVE-2009-0899 has been rated as a moderate severity vulnerability.
How do I fix CVE-2009-0899?
To fix CVE-2009-0899, upgrade to the latest version of the affected IBM software that addresses this vulnerability.
What software versions are affected by CVE-2009-0899?
CVE-2009-0899 affects IBM WebSphere Application Server versions 6.1 to 6.1.0.24 and 7.0 to 7.0.0.4, IBM WebSphere Portal Server versions 5.1 to 6.0, and IBM Integrated Solutions Console version 6.0.1.
What is the impact of CVE-2009-0899?
The impact of CVE-2009-0899 can potentially allow unauthorized access due to misconfiguration of the security settings.
Who is responsible for addressing CVE-2009-0899?
It is the responsibility of organizations using the affected IBM products to ensure they apply necessary updates to mitigate CVE-2009-0899.

agent/references
agent/weakness
agent/author
agent/severity
agent/type
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm integrated solutions console
version/ibm integrated solutions console/6.0.1
canonical/ibm websphere application server with web server plug-ins
version/ibm websphere application server with web server plug-ins/6.1
version/ibm websphere application server with web server plug-ins/6.1.0.24
version/ibm websphere application server with web server plug-ins/7.0
version/ibm websphere application server with web server plug-ins/7.0.0.4
canonical/ibm websphere portal
version/ibm websphere portal/5.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.