ID

VAR-200908-0426


CVE

CVE-2009-2093


TITLE

SQL injection vulnerability in the IBM WPG Enterprise console

Trust: 0.8

sources: JVNDB: JVNDB-2009-004741

DESCRIPTION

SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

The issue affects the following:
WebSphere Partner Gateway 6.0 Enterprise
WebSphere Partner Gateway 6.1.0 Enterprise
WebSphere Partner Gateway 6.1.1 Enterprise
WebSphere Partner Gateway 6.2 Enterprise

This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

WebSphere Partner Gateway 6.0: Apply the latest Fix Pack (WPG 6.0 FP8 or later) or APAR JR32608.
WebSphere Partner Gateway 6.1: Apply the latest Fix Pack (WPG 6.1 FP3, WPG 6.1.1 FP2 or later), or APAR JR32609 or APAR JR32386.
WebSphere Partner Gateway 6.2: Apply the latest Fix Pack (WPG 6.2 FP1 or later) or APAR JR32607 (JR33176).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY:
IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21382117
IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/52393

Trust: 2.07

sources: NVD: CVE-2009-2093 // JVNDB: JVNDB-2009-004741 // BID: 36058 // VULHUB: VHN-39539 // PACKETSTORM: 80443

AFFECTED PRODUCTS

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.1.1

Trust: 1.9

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.2

Trust: 1.9

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.1.0

Trust: 1.6

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.0

Trust: 1.6

vendor: ibm // model: websphere partner gateway // scope: eq // version: fp3

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: lt // version: 6.0

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: eq // version: fp1

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: eq // version: fp8

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: lt // version: 6.1

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: lt // version: 6.2

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: lt // version: 6.1.1

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: eq // version: fp2

Trust: 0.8

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.1.1.1

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.1

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.7

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.6

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.5

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.4

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.3

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.2

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0.1

Trust: 0.3

vendor: ibm // model: websphere partner gateway // scope: eq // version: 6.0

Trust: 0.3

sources: BID: 36058 // JVNDB: JVNDB-2009-004741 // CNNVD: CNNVD-200908-171 // NVD: CVE-2009-2093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2093
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2093
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200908-171
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39539
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2093
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39539
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39539 // JVNDB: JVNDB-2009-004741 // CNNVD: CNNVD-200908-171 // NVD: CVE-2009-2093

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-39539 // JVNDB: JVNDB-2009-004741 // NVD: CVE-2009-2093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-171

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 80443 // CNNVD: CNNVD-200908-171

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004741

PATCH

title: 1382117 // url: http://www-01.ibm.com/support/docview.wss?uid=swg21382117

Trust: 0.8

sources: JVNDB: JVNDB-2009-004741

EXTERNAL IDS

db: NVD // id: CVE-2009-2093

Trust: 2.8

db: SECUNIA // id: 36295

Trust: 1.9

db: VUPEN // id: ADV-2009-2292

Trust: 1.7

db: JVNDB // id: JVNDB-2009-004741

Trust: 0.8

db: CNNVD // id: CNNVD-200908-171

Trust: 0.7

db: XF // id: 52393

Trust: 0.7

db: BID // id: 36058

Trust: 0.4

db: VULHUB // id: VHN-39539

Trust: 0.1

db: PACKETSTORM // id: 80443

Trust: 0.1

sources: VULHUB: VHN-39539 // BID: 36058 // JVNDB: JVNDB-2009-004741 // PACKETSTORM: 80443 // CNNVD: CNNVD-200908-171 // NVD: CVE-2009-2093

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg21382117

Trust: 2.1

url:http://secunia.com/advisories/36295

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/2292

Trust: 1.7

url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32386

Trust: 1.1

url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32607

Trust: 1.1

url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32608

Trust: 1.1

url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32609

Trust: 1.1

url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr33176

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/52393

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2093

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2093

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/52393

Trust: 0.7

url:http://www-01.ibm.com/software/integration/wspartnergateway/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/36295/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-39539 // BID: 36058 // JVNDB: JVNDB-2009-004741 // PACKETSTORM: 80443 // CNNVD: CNNVD-200908-171 // NVD: CVE-2009-2093

CREDITS

IBM

Trust: 0.3

sources: BID: 36058

SOURCES

db: VULHUB // id: VHN-39539
db: BID // id: 36058
db: JVNDB // id: JVNDB-2009-004741
db: PACKETSTORM // id: 80443
db: CNNVD // id: CNNVD-200908-171
db: NVD // id: CVE-2009-2093

LAST UPDATE DATE

2025-04-10T23:20:42.099000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-39539 // date: 2017-08-17T00:00:00
db: BID // id: 36058 // date: 2009-08-21T15:48:00
db: JVNDB // id: JVNDB-2009-004741 // date: 2012-09-25T00:00:00
db: CNNVD // id: CNNVD-200908-171 // date: 2009-08-21T00:00:00
db: NVD // id: CVE-2009-2093 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-39539 // date: 2009-08-13T00:00:00
db: BID // id: 36058 // date: 2009-07-27T00:00:00
db: JVNDB // id: JVNDB-2009-004741 // date: 2012-09-25T00:00:00
db: PACKETSTORM // id: 80443 // date: 2009-08-18T11:59:22
db: CNNVD // id: CNNVD-200908-171 // date: 2009-08-13T00:00:00
db: NVD // id: CVE-2009-2093 // date: 2009-08-13T18:30:00.937