CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2009-2093
https://notcve.org/view.php?id=CVE-2009-2093
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la consola en IBM WebSphere Partner Gateway (WPG) Enterprise v6.0 anteriores a FP8, v6.1 anteriores a FP3, v6.1.1 anteriores a FP2, y v6.2 anteriores FP1 permite a los usuarios remotos autenticados ejecutar arbitrariamente comandos SQL a través de vectores no especificados. • http://secunia.com/advisories/36295 http://www-01.ibm.com/support/docview.wss?uid=swg21382117 http://www-1.ibm.com/support/docview.wss?uid=swg1JR32386 http://www-1.ibm.com/support/docview.wss?uid=swg1JR32607 http://www-1.ibm.com/support/docview.wss?uid=swg1JR32608 http://www-1.ibm.com/support/docview.wss? • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2009-0440
https://notcve.org/view.php?id=CVE-2009-0440
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." IBM WebSphere Partner Gateway (WPG) v6.0.0 hasta v6.0.0.7 no gestiona adecuadamente los fallos de verificación de firma, lo que permite a usuarios remotos autenticados enviar un documento RosettaNet (también conocido como RNIF) manipulado a una aplicación de administración, relacionado con (1) "contenido de servicio alterado" y (2) "foot-print de firma digital". • http://secunia.com/advisories/33994 http://www-01.ibm.com/support/docview.wss?uid=swg21330341 http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231 http://www.securityfocus.com/bid/33839 https://exchange.xforce.ibmcloud.com/vulnerabilities/48530 • CWE-287: Improper Authentication •