Published: 30/10/2011 Updated: 17/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 prior to 6.0.2.39, 6.1 prior to 6.1.0.29, and 7.0 prior to 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote malicious users to obtain sensitive information via a crafted method call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere application server 6.0.2.29
ibm websphere application server 6.0.2.28
ibm websphere application server 6.0.1.9
ibm websphere application server 6.0.1.7
ibm websphere application server 6.0.2.11
ibm websphere application server 6.0.2.1
ibm websphere application server 6.0.0.1
ibm websphere application server 6.0.2.24
ibm websphere application server 6.0.2.25
ibm websphere application server 6.0.2.33
ibm websphere application server 6.0.2.32
ibm websphere application server 6.0.1.17
ibm websphere application server 6.0.1.13
ibm websphere application server 6.0.1.11
ibm websphere application server 6.0.2.7
ibm websphere application server 6.0.2.13
ibm websphere application server 6.0.2.15
ibm websphere application server 6.0
ibm websphere application server 6.0.2.22
ibm websphere application server 6.0.0.3
ibm websphere application server 6.0.2.31
ibm websphere application server 6.0.1.5
ibm websphere application server 6.0.1.3
ibm websphere application server 6.0.2.6
ibm websphere application server 6.0.2.5
ibm websphere application server 6.0.2
ibm websphere application server 6.0.2.2
ibm websphere application server 6.0.1
ibm websphere application server 6.0.1.2
ibm websphere application server 6.0.2.35
ibm websphere application server 6.0.2.37
ibm websphere application server 6.0.2.30
ibm websphere application server 6.0.1.15
ibm websphere application server 6.0.1.1
ibm websphere application server 6.0.2.27
ibm websphere application server 6.0.2.4
ibm websphere application server 6.0.2.3
ibm websphere application server 6.0.2.9
ibm websphere application server 6.0.2.19
ibm websphere application server 6.0.2.17
ibm websphere application server 6.0.2.23
ibm websphere application server 6.0.0.2
ibm websphere application server 6.1.0.2
ibm websphere application server 6.1.0.5
ibm websphere application server 6.1.0
ibm websphere application server 6.1.0.9
ibm websphere application server 6.1.0.23
ibm websphere application server 6.1.0.1
ibm websphere application server 6.1.0.27
ibm websphere application server 6.1.0.25
ibm websphere application server 6.1.0.15
ibm websphere application server 6.1.0.7
ibm websphere application server 6.1.0.12
ibm websphere application server 6.1.0.11
ibm websphere application server 6.1.0.19
ibm websphere application server 6.1.0.21
ibm websphere application server 6.1.0.17
ibm websphere application server 6.1.0.0
ibm websphere application server 7.0.0.3
ibm websphere application server 7.0.0.4
ibm websphere application server 7.0.0.5
ibm websphere application server 7.0.0.1
ibm websphere application server 7.0.0.2
ibm websphere application server 7.0.0.6
ibm websphere application server 7.0

CWE-264 http://www.ibm.com/support/docview.wss?uid=swg1PK91414 http://www.ibm.com/support/docview.wss?uid=swg1PK99480 https://exchange.xforce.ibmcloud.com/vulnerabilities/54228 https://nvd.nist.gov

Get Started

CVE-2009-2747

Vulnerability Summary

References

Vulmon Search

About

Products

Connect