Unrated severityNVD Advisory· Published Feb 26, 2009· Updated Apr 23, 2026

CVE-2009-0507

Description

IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.

Affected products

IBM/Websphere Process Server3 versions
cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:websphere_process_server:*:*:*:*:*:*:*:*range: <=6.1.2.2
- cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-1.ibm.com/support/docview.wssnvdVendor Advisory
secunia.com/advisories/34249nvd
www-01.ibm.com/support/docview.wssnvd
www.vupen.com/english/advisories/2009/0670nvd
exchange.xforce.ibmcloud.com/vulnerabilities/48892nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000