| Title | z/OS 用の IBM WAS における脆弱性 |
|---|---|
| Summary | z/OS 用の IBM WebSphere Application Server (WAS) は、CSIv2 Identity Assertion が有効になっている、および Enterprise JavaBeans (EJB) 通信が WAS 6.1 インスタンスと WAS pre-6.1 インスタント間に発生している際、(1) 間違った件名、および (2) 複数の CBIND チェックに関する不備があるため、不特定の影響を受ける脆弱性が存在します。 |
| Possible impacts | ローカルユーザにより、不特定の影響を受ける可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Feb. 25, 2009, midnight |
| Registration Date | Sept. 25, 2012, 5:27 p.m. |
| Last Update | Sept. 25, 2012, 5:27 p.m. |
| CVSS2.0 : 警告 | |
| Score | 6.2 |
|---|---|
| Vector | AV:L/AC:H/Au:N/C:C/I:C/A:C |
| IBM |
| IBM WebSphere Application Server 5.1 および 6.0.2.33 未満の 6.0.2 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2012年09月25日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. |
|---|---|
| Summary | Per http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60223: "Note: WebSphere Application Server V6.0.2 Fix Pack 2 (6.0.2.2), Fix Pack 4 (6.0.2.4), Fix Pack 6 (6.0.2.6), Fix Pack 8 (6.0.2.8), Fix Pack 10 (6.0.2.10), Fix Pack 12 (6.0.2.12), Fix Pack 14 (6.0.2.14), Fix Pack 16 (6.0.2.16), Fix Pack 18 (6.0.2.18), Fix Pack 20 (6.0.2.20), Fix Pack 22 (6.0.2.22) and Fix Pack 24 (6.0.2.24) were only published for the z/OS® platform." |
| Publication Date | Feb. 26, 2009, 1:30 a.m. |
| Registration Date | Jan. 29, 2021, 1:14 p.m. |
| Last Update | Aug. 8, 2017, 10:33 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:ibm:z\/os:*:*:*:*:*:*:*:* | ||||