Details of VAR-200905-0213

ID

VAR-200905-0213

CVE

CVE-2009-0897

TITLE

IBM WebSphere Partner Gateway 'bcgarchive' Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 35136 // CNNVD: CNNVD-200905-258

DESCRIPTION

IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 before 6.1.1.1 allows remote authenticated users to obtain sensitive information via vectors related to the "schema DB2 instance id" and the bcgarchive (aka the archiver script). IBM WebSphere Partner Gateway (WPG) is prone to an information-disclosure vulnerability. Exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks. WPG 6.1.0 and 6.1.1 are vulnerable. WebSphere Partner Gateway is a centralized, integrated B2B trading partner and transaction management tool

Trust: 1.98

sources: NVD: CVE-2009-0897 // JVNDB: JVNDB-2009-004520 // BID: 35136 // VULHUB: VHN-38343

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere partner gateway	scope:	eq	version:	6.1.1	Trust: 1.9
vendor:	ibm	model:	websphere partner gateway	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	ibm	model:	websphere partner gateway	scope:	lt	version:	6.1.0.1	Trust: 0.8
vendor:	ibm	model:	websphere partner gateway	scope:	eq	version:	6.1	Trust: 0.3

sources: BID: 35136 // JVNDB: JVNDB-2009-004520 // CNNVD: CNNVD-200905-258 // NVD: CVE-2009-0897

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-0897
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-0897
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200905-258
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-38343
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-0897
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38343
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-38343 // JVNDB: JVNDB-2009-004520 // CNNVD: CNNVD-200905-258 // NVD: CVE-2009-0897

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2009-004520 // NVD: CVE-2009-0897

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200905-258

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200905-258

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004520

PATCH

title:

WebSphere Partner Gateway

url:

http://www-01.ibm.com/software/integration/wspartnergateway/

Trust: 0.8

sources: JVNDB: JVNDB-2009-004520

EXTERNAL IDS

db:	NVD	id:	CVE-2009-0897	Trust: 2.8
db:	BID	id:	35136	Trust: 2.0
db:	JVNDB	id:	JVNDB-2009-004520	Trust: 0.8
db:	XF	id:	50643	Trust: 0.6
db:	AIXAPAR	id:	JR31482	Trust: 0.6
db:	CNNVD	id:	CNNVD-200905-258	Trust: 0.6
db:	VULHUB	id:	VHN-38343	Trust: 0.1

sources: VULHUB: VHN-38343 // BID: 35136 // JVNDB: JVNDB-2009-004520 // CNNVD: CNNVD-200905-258 // NVD: CVE-2009-0897

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21366016	Trust: 2.0
url:	http://www.securityfocus.com/bid/35136	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/50643	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0897	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0897	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/50643	Trust: 0.6
url:	http://www-01.ibm.com/software/integration/wspartnergateway/	Trust: 0.3

sources: VULHUB: VHN-38343 // BID: 35136 // JVNDB: JVNDB-2009-004520 // CNNVD: CNNVD-200905-258 // NVD: CVE-2009-0897

CREDITS

IBM

Trust: 0.9

sources: BID: 35136 // CNNVD: CNNVD-200905-258

SOURCES

db:	VULHUB	id:	VHN-38343
db:	BID	id:	35136
db:	JVNDB	id:	JVNDB-2009-004520
db:	CNNVD	id:	CNNVD-200905-258
db:	NVD	id:	CVE-2009-0897

LAST UPDATE DATE

2025-04-10T23:12:54.254000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-38343	date:	2017-08-17T00:00:00
db:	BID	id:	35136	date:	2009-05-28T20:29:00
db:	JVNDB	id:	JVNDB-2009-004520	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200905-258	date:	2009-06-04T00:00:00
db:	NVD	id:	CVE-2009-0897	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-38343	date:	2009-05-21T00:00:00
db:	BID	id:	35136	date:	2009-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2009-004520	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200905-258	date:	2009-05-21T00:00:00
db:	NVD	id:	CVE-2009-0897	date:	2009-05-21T15:30:01.530