Sign-up

ID

VAR-200908-0426


CVE

CVE-2009-2093


TITLE

IBM WPG Enterprise In the console SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-004741

DESCRIPTION

SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The issue affects the following: WebSphere Partner Gateway 6.0 Enterprise WebSphere Partner Gateway 6.1.0 Enterprise WebSphere Partner Gateway 6.1.1 Enterprise WebSphere Partner Gateway 6.2 Enterprise. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. WebSphere Partner Gateway 6.0: Apply the latest Fix Pack (WPG 6.0 FP8 or later) or APAR JR32608. WebSphere Partner Gateway 6.1: Apply the latest Fix Pack (WPG 6.1 FP3, WPG 6.1.1 FP2 or later), or APAR JR32609 or APAR JR32386. WebSphere Partner Gateway 6.2: Apply the latest Fix Pack (WPG 6.2 FP1 or later) or APAR JR32607 (JR33176). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg21382117 IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/52393 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-2093 // JVNDB: JVNDB-2009-004741 // BID: 36058 // VULHUB: VHN-39539 // PACKETSTORM: 80443

AFFECTED PRODUCTS

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.1.1

Trust: 1.9

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.2

Trust: 1.9

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.1.0

Trust: 1.6

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.0

Trust: 1.6

vendor:ibmmodel:websphere partner gatewayscope:eqversion:fp3

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:ltversion:6.0

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:eqversion:fp1

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:eqversion:fp8

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:ltversion:6.1

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:ltversion:6.2

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:ltversion:6.1.1

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:eqversion:fp2

Trust: 0.8

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.1.1.1

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.7

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.6

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.5

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.4

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.3

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:websphere partner gatewayscope:eqversion:6.0

Trust: 0.3

sources: BID: 36058 // JVNDB: JVNDB-2009-004741 // CNNVD: CNNVD-200908-171 // NVD: CVE-2009-2093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2093
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2093
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200908-171
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39539
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2093
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39539
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39539 // JVNDB: JVNDB-2009-004741 // CNNVD: CNNVD-200908-171 // NVD: CVE-2009-2093

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-39539 // JVNDB: JVNDB-2009-004741 // NVD: CVE-2009-2093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-171

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 80443 // CNNVD: CNNVD-200908-171

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-004741

PATCH
title:1382117url:http://www-01.ibm.com/support/docview.wss?uid=swg21382117
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-004741

EXTERNAL IDS
db:NVDid:CVE-2009-2093
Trust: 2.8
db:SECUNIAid:36295
Trust: 1.9
db:VUPENid:ADV-2009-2292
Trust: 1.7
db:JVNDBid:JVNDB-2009-004741
Trust: 0.8
db:CNNVDid:CNNVD-200908-171
Trust: 0.7
db:XFid:52393
Trust: 0.7
db:BIDid:36058
Trust: 0.4
db:VULHUBid:VHN-39539
Trust: 0.1
db:PACKETSTORMid:80443
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39539 // 
            
            
            
            BID: 36058 // 
            
            
            
            JVNDB: JVNDB-2009-004741 // 
            
            
            
            PACKETSTORM: 80443 // 
            
            
            
            CNNVD: CNNVD-200908-171 // 
            
            
            
            NVD: CVE-2009-2093

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg21382117
Trust: 2.1
url:http://secunia.com/advisories/36295
Trust: 1.7
url:http://www.vupen.com/english/advisories/2009/2292
Trust: 1.7
url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32386
Trust: 1.1
url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32607
Trust: 1.1
url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32608
Trust: 1.1
url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr32609
Trust: 1.1
url:http://www-1.ibm.com/support/docview.wss?uid=swg1jr33176
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/52393
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2093
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2093
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/52393
Trust: 0.7
url:http://www-01.ibm.com/software/integration/wspartnergateway/
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/36295/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-39539 // 
            
            
            
            BID: 36058 // 
            
            
            
            JVNDB: JVNDB-2009-004741 // 
            
            
            
            PACKETSTORM: 80443 // 
            
            
            
            CNNVD: CNNVD-200908-171 // 
            
            
            
            NVD: CVE-2009-2093

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 36058

SOURCES
db:VULHUBid:VHN-39539
db:BIDid:36058
db:JVNDBid:JVNDB-2009-004741
db:PACKETSTORMid:80443
db:CNNVDid:CNNVD-200908-171
db:NVDid:CVE-2009-2093

LAST UPDATE DATE
2025-04-10T23:20:42.099000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-39539date:2017-08-17T00:00:00
db:BIDid:36058date:2009-08-21T15:48:00
db:JVNDBid:JVNDB-2009-004741date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200908-171date:2009-08-21T00:00:00
db:NVDid:CVE-2009-2093date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-39539date:2009-08-13T00:00:00
db:BIDid:36058date:2009-07-27T00:00:00
db:JVNDBid:JVNDB-2009-004741date:2012-09-25T00:00:00
db:PACKETSTORMid:80443date:2009-08-18T11:59:22
db:CNNVDid:CNNVD-200908-171date:2009-08-13T00:00:00
db:NVDid:CVE-2009-2093date:2009-08-13T18:30:00.937