Vulnerability-Lookup

CVE-2008-0402 (GCVE-0-2008-0402)

Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46

Summary

Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/28586	third-party-advisoryx_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	http://www-1.ibm.com/support/search.wss?rs=0&q=JR…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0254	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1019252	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/27389	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:55.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "websphere-repository-weak-security(39830)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
          },
          {
            "name": "28586",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28586"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
          },
          {
            "name": "JR28175",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
          },
          {
            "name": "ADV-2008-0254",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0254"
          },
          {
            "name": "1019252",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019252"
          },
          {
            "name": "27389",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27389"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "websphere-repository-weak-security(39830)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
        },
        {
          "name": "28586",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28586"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
        },
        {
          "name": "JR28175",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
        },
        {
          "name": "ADV-2008-0254",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0254"
        },
        {
          "name": "1019252",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019252"
        },
        {
          "name": "27389",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27389"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "websphere-repository-weak-security(39830)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
            },
            {
              "name": "28586",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28586"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
            },
            {
              "name": "JR28175",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
            },
            {
              "name": "ADV-2008-0254",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0254"
            },
            {
              "name": "1019252",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019252"
            },
            {
              "name": "27389",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27389"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0402",
    "datePublished": "2008-01-23T11:00:00",
    "dateReserved": "2008-01-22T00:00:00",
    "dateUpdated": "2024-08-07T07:46:55.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:advanced:*:*:*:*:*\", \"matchCriteriaId\": \"C6D2FBE7-9647-43C0-B9C9-BBF65C2DDA4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:basic:*:*:*:*:*\", \"matchCriteriaId\": \"F08393EA-AA31-41C0-9259-27D5F008E65D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en IBM WebSphere Business Modeler Basic y Advanced 6.0.2.1 anterior a Interim Fix 11 permite a usuarios remotos validados evitar intenciones las restricciones de acceso intencionada y borrar recursos del repositorio de su elecci\\u00f3n a trav\\u00e9s de vectores desconocidos, incluso cuando no son administradores o miembros del grupo al que pertenece el respositorio.\"}]",
      "id": "CVE-2008-0402",
      "lastModified": "2024-11-21T00:42:00.387",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-01-23T12:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28586\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018060\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018061\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27389\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019252\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0254\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39830\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28586\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39830\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0402\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-23T12:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en IBM WebSphere Business Modeler Basic y Advanced 6.0.2.1 anterior a Interim Fix 11 permite a usuarios remotos validados evitar intenciones las restricciones de acceso intencionada y borrar recursos del repositorio de su elecci\u00f3n a trav\u00e9s de vectores desconocidos, incluso cuando no son administradores o miembros del grupo al que pertenece el respositorio.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:advanced:*:*:*:*:*\",\"matchCriteriaId\":\"C6D2FBE7-9647-43C0-B9C9-BBF65C2DDA4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:basic:*:*:*:*:*\",\"matchCriteriaId\":\"F08393EA-AA31-41C0-9259-27D5F008E65D\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28586\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018060\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018061\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27389\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019252\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0254\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39830\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39830\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-0402

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0402

Aliases

CVE-2008-0402

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0402",
    "description": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group.",
    "id": "GSD-2008-0402"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0402"
      ],
      "details": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group.",
      "id": "GSD-2008-0402",
      "modified": "2023-12-13T01:22:58.686823Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0402",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "websphere-repository-weak-security(39830)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
          },
          {
            "name": "28586",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28586"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
          },
          {
            "name": "JR28175",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
          },
          {
            "name": "ADV-2008-0254",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0254"
          },
          {
            "name": "1019252",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019252"
          },
          {
            "name": "27389",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27389"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:basic:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:advanced:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0402"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
            },
            {
              "name": "JR28175",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
            },
            {
              "name": "27389",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27389"
            },
            {
              "name": "1019252",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019252"
            },
            {
              "name": "28586",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28586"
            },
            {
              "name": "ADV-2008-0254",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0254"
            },
            {
              "name": "websphere-repository-weak-security(39830)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-01-23T12:00Z"
    }
  }
}

FKIE_CVE-2008-0402

Vulnerability from fkie_nvd - Published: 2008-01-23 12:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28586	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg24018060	Patch
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg24018061	Patch
cve@mitre.org	http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only
cve@mitre.org	http://www.securityfocus.com/bid/27389
cve@mitre.org	http://www.securitytracker.com/id?1019252
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0254
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39830
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28586	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg24018060	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg24018061	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27389
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019252
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0254
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39830

Impacted products

	Vendor	Product	Version
	ibm	websphere_business_modeler	6.0.2_1
	ibm	websphere_business_modeler	6.0.2_1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:advanced:*:*:*:*:*",
              "matchCriteriaId": "C6D2FBE7-9647-43C0-B9C9-BBF65C2DDA4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_business_modeler:6.0.2_1:*:basic:*:*:*:*:*",
              "matchCriteriaId": "F08393EA-AA31-41C0-9259-27D5F008E65D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en IBM WebSphere Business Modeler Basic y Advanced 6.0.2.1 anterior a Interim Fix 11 permite a usuarios remotos validados evitar intenciones las restricciones de acceso intencionada y borrar recursos del repositorio de su elecci\u00f3n a trav\u00e9s de vectores desconocidos, incluso cuando no son administradores o miembros del grupo al que pertenece el respositorio."
    }
  ],
  "id": "CVE-2008-0402",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-23T12:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28586"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27389"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019252"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0254"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2008-AVI-035

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été découvertes dans des produits IBM. L'exploitation de ces vulnérabilités permet de provoquer un déni de service ou d'effectuer des actions malveillantes sur le système de fichiers de la machine cible.

Description

Plusieurs vulnérabilités ont été découvertes dans des produits IBM :

une vulnérabilité dans l'applicatif IBM Tivoli Provisioning Manager for OS Deployment permet à un utilisateur malintentionné d'effectuer un déni de service depuis le réseau local ;
une vulnérabilité dans l'applicatif IBM Tivoli Business Service Manager permet de récupérer des mots de passes stockés en clair ;
une vulnérabilité dans l'applicatif IBM Websphere Business Modeler permet à un utilisateur légitime malintentionné d'effacer des données importantes ne lui appartenant pas.
D'autres vulnérabilités dont l'impact n'a pas été spécifié par IBM ont été découvertes dans IBM Websphere Application Server.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli	IBM Tivoli Provisioning Manager for OS Deployment 5.x ;
IBM	Tivoli	IBM Tivoli Business Service Manager 4.x ;
IBM	WebSphere	IBM Websphere Business Modeler 6.x ;
IBM	WebSphere	IBM Websphere Application Server 6.0.X.

References

Title

Publication Time

Tags

Mises à jour de sécurité IBM	None	vendor-advisory
Bulletin de sécurité IBM swg24017939 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018061 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018060 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg27006876 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018010 du 23 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Provisioning Manager for OS Deployment 5.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Business Service Manager 4.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Business Modeler 6.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Application Server 6.0.X.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM :\n\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Provisioning Manager\n    for OS Deployment permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027effectuer\n    un d\u00e9ni de service depuis le r\u00e9seau local ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Business Service\n    Manager permet de r\u00e9cup\u00e9rer des mots de passes stock\u00e9s en clair ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Websphere Business Modeler\n    permet \u00e0 un utilisateur l\u00e9gitime malintentionn\u00e9 d\u0027effacer des\n    donn\u00e9es importantes ne lui appartenant pas.\n-   D\u0027autres vuln\u00e9rabilit\u00e9s dont l\u0027impact n\u0027a pas \u00e9t\u00e9 sp\u00e9cifi\u00e9 par IBM\n    ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere Application Server.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0389"
    },
    {
      "name": "CVE-2008-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0401"
    },
    {
      "name": "CVE-2008-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24017939 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017939"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018061 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018060 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27006876 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018010 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    }
  ],
  "reference": "CERTA-2008-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de provoquer un d\u00e9ni de\nservice ou d\u0027effectuer des actions malveillantes sur le syst\u00e8me de\nfichiers de la machine cible.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 IBM",
      "url": null
    }
  ]
}

CERTA-2008-AVI-035

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été découvertes dans des produits IBM :

une vulnérabilité dans l'applicatif IBM Tivoli Provisioning Manager for OS Deployment permet à un utilisateur malintentionné d'effectuer un déni de service depuis le réseau local ;
une vulnérabilité dans l'applicatif IBM Tivoli Business Service Manager permet de récupérer des mots de passes stockés en clair ;
une vulnérabilité dans l'applicatif IBM Websphere Business Modeler permet à un utilisateur légitime malintentionné d'effacer des données importantes ne lui appartenant pas.
D'autres vulnérabilités dont l'impact n'a pas été spécifié par IBM ont été découvertes dans IBM Websphere Application Server.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli	IBM Tivoli Provisioning Manager for OS Deployment 5.x ;
IBM	Tivoli	IBM Tivoli Business Service Manager 4.x ;
IBM	WebSphere	IBM Websphere Business Modeler 6.x ;
IBM	WebSphere	IBM Websphere Application Server 6.0.X.

References

Title

Publication Time

Tags

Mises à jour de sécurité IBM	None	vendor-advisory
Bulletin de sécurité IBM swg24017939 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018061 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018060 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg27006876 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018010 du 23 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Provisioning Manager for OS Deployment 5.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Business Service Manager 4.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Business Modeler 6.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Application Server 6.0.X.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM :\n\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Provisioning Manager\n    for OS Deployment permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027effectuer\n    un d\u00e9ni de service depuis le r\u00e9seau local ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Business Service\n    Manager permet de r\u00e9cup\u00e9rer des mots de passes stock\u00e9s en clair ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Websphere Business Modeler\n    permet \u00e0 un utilisateur l\u00e9gitime malintentionn\u00e9 d\u0027effacer des\n    donn\u00e9es importantes ne lui appartenant pas.\n-   D\u0027autres vuln\u00e9rabilit\u00e9s dont l\u0027impact n\u0027a pas \u00e9t\u00e9 sp\u00e9cifi\u00e9 par IBM\n    ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere Application Server.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0389"
    },
    {
      "name": "CVE-2008-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0401"
    },
    {
      "name": "CVE-2008-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24017939 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017939"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018061 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018060 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27006876 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018010 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    }
  ],
  "reference": "CERTA-2008-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de provoquer un d\u00e9ni de\nservice ou d\u0027effectuer des actions malveillantes sur le syst\u00e8me de\nfichiers de la machine cible.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 IBM",
      "url": null
    }
  ]
}

GHSA-XXMR-5PW7-P42V

Vulnerability from github – Published: 2022-05-01 23:29 – Updated: 2022-05-01 23:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0402"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-23T12:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group.",
  "id": "GHSA-xxmr-5pw7-p42v",
  "modified": "2022-05-01T23:29:59Z",
  "published": "2022-05-01T23:29:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0402"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28586"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27389"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019252"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0254"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0402 (GCVE-0-2008-0402)

GSD-2008-0402

FKIE_CVE-2008-0402

CERTA-2008-AVI-035

Description

Solution

CERTA-2008-AVI-035

Description

Solution

GHSA-XXMR-5PW7-P42V

Tags

Sightings

Nomenclature