VYPR
Unrated severityNVD Advisory· Published Feb 26, 2009· Updated Jun 16, 2026

CVE-2009-0507

CVE-2009-0507

Description

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Affected products

5
  • cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*range: <=6.1.2.2
    • cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:*
    • (no CPE)range: <6.1.2.3, <6.2.0.1
  • IBM/WPSllm-create
    Range: <6.1.2.3, <6.2.0.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.