cvelistv5 - cve-2008-0402

CVE-2008-0402 (GCVE-0-2008-0402)

Vulnerability from cvelistv5

Published

2008-01-23 11:00

Modified

2024-08-07 07:46

Severity ?

CWE

Summary

Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/39830	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/28586	third-party-advisory, x_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg24018060	x_refsource_CONFIRM
	http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only	vendor-advisory, x_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg24018061	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0254	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1019252	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/27389	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:55.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "websphere-repository-weak-security(39830)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
          },
          {
            "name": "28586",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28586"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
          },
          {
            "name": "JR28175",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
          },
          {
            "name": "ADV-2008-0254",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0254"
          },
          {
            "name": "1019252",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019252"
          },
          {
            "name": "27389",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27389"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "websphere-repository-weak-security(39830)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
        },
        {
          "name": "28586",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28586"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
        },
        {
          "name": "JR28175",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
        },
        {
          "name": "ADV-2008-0254",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0254"
        },
        {
          "name": "1019252",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019252"
        },
        {
          "name": "27389",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27389"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository\u0027s owning group."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "websphere-repository-weak-security(39830)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39830"
            },
            {
              "name": "28586",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28586"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
            },
            {
              "name": "JR28175",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=JR28175\u0026apar=only"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
            },
            {
              "name": "ADV-2008-0254",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0254"
            },
            {
              "name": "1019252",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019252"
            },
            {
              "name": "27389",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27389"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0402",
    "datePublished": "2008-01-23T11:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:55.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-035

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été découvertes dans des produits IBM. L'exploitation de ces vulnérabilités permet de provoquer un déni de service ou d'effectuer des actions malveillantes sur le système de fichiers de la machine cible.

Description

Plusieurs vulnérabilités ont été découvertes dans des produits IBM :

une vulnérabilité dans l'applicatif IBM Tivoli Provisioning Manager for OS Deployment permet à un utilisateur malintentionné d'effectuer un déni de service depuis le réseau local ;
une vulnérabilité dans l'applicatif IBM Tivoli Business Service Manager permet de récupérer des mots de passes stockés en clair ;
une vulnérabilité dans l'applicatif IBM Websphere Business Modeler permet à un utilisateur légitime malintentionné d'effacer des données importantes ne lui appartenant pas.
D'autres vulnérabilités dont l'impact n'a pas été spécifié par IBM ont été découvertes dans IBM Websphere Application Server.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli	IBM Tivoli Provisioning Manager for OS Deployment 5.x ;
IBM	Tivoli	IBM Tivoli Business Service Manager 4.x ;
IBM	WebSphere	IBM Websphere Business Modeler 6.x ;
IBM	WebSphere	IBM Websphere Application Server 6.0.X.

References

Title

Publication Time

Tags

Mises à jour de sécurité IBM	None	vendor-advisory
Bulletin de sécurité IBM swg24017939 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018061 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018060 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg27006876 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018010 du 23 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Provisioning Manager for OS Deployment 5.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Business Service Manager 4.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Business Modeler 6.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Application Server 6.0.X.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM :\n\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Provisioning Manager\n    for OS Deployment permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027effectuer\n    un d\u00e9ni de service depuis le r\u00e9seau local ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Business Service\n    Manager permet de r\u00e9cup\u00e9rer des mots de passes stock\u00e9s en clair ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Websphere Business Modeler\n    permet \u00e0 un utilisateur l\u00e9gitime malintentionn\u00e9 d\u0027effacer des\n    donn\u00e9es importantes ne lui appartenant pas.\n-   D\u0027autres vuln\u00e9rabilit\u00e9s dont l\u0027impact n\u0027a pas \u00e9t\u00e9 sp\u00e9cifi\u00e9 par IBM\n    ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere Application Server.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0389"
    },
    {
      "name": "CVE-2008-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0401"
    },
    {
      "name": "CVE-2008-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0402"
    }
  ],
  "initial_release_date": "2008-01-23T00:00:00",
  "last_revision_date": "2008-01-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24017939 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017939"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018061 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018060 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27006876 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018010 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    }
  ],
  "reference": "CERTA-2008-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de provoquer un d\u00e9ni de\nservice ou d\u0027effectuer des actions malveillantes sur le syst\u00e8me de\nfichiers de la machine cible.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 IBM",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0402 (GCVE-0-2008-0402)

Vulnerability from cvelistv5

CERTA-2008-AVI-035

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature