Vulnerabilities > CVE-2009-0503 - Credentials Management vulnerability in IBM Websphere Message Broker 6.1/6.1.0.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 33819 CVE(CAN) ID: CVE-2009-0503 WebSphere Message Broker 为增强面向服务的架构交付高级企业服务总线(ESB),为基于标准和非标准的应用程序及服务提供了连通性和通用数据转换。 WebSphere Message Broker在处理JDBC错误时会将数据库连接口令写入到事件日志和系统日志中,本地用户可以通过读取这些日志获得敏感信息。 IBM WebSphere Message Broker 6.1 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431 target=_blank rel=external nofollow>http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431</a> |
| id | SSV:4807 |
| last seen | 2017-11-19 |
| modified | 2009-02-20 |
| published | 2009-02-20 |
| reporter | Root |
| title | IBM WebSphere Message Broker本地信息泄露漏洞 |
References
- http://www.securityfocus.com/bid/33819
- http://www.securitytracker.com/id?1021735
- http://www.vupen.com/english/advisories/2009/0460
- http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27011431
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC55298
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48642