
CVE-2009-2093
https://notcve.org/view.php?id=CVE-2009-2093
13 Aug 2009 — SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola en IBM WebSphere Partner Gateway (WPG) Enterprise v6.0 anteriores a FP8, v6.1 anteriores a FP3, v6.1.1 anteriores a FP2, y v6.2 anteriores FP1 permite a los usuarios remotos autenticados ejecutar arbitrariamente... • http://secunia.com/advisories/36295 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2009-0440
https://notcve.org/view.php?id=CVE-2009-0440
22 Feb 2009 — IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." IBM WebSphere Partner Gateway (WPG) v6.0.0 hasta v6.0.0.7 no gestiona adecuadamente los fallos de verificación de firma, lo que permite a usuarios remotos autenticados enviar un documento Ro... • http://secunia.com/advisories/33994 • CWE-287: Improper Authentication •