CVE-2009-0440
IBM WebSphere Partner Gateway 6.0.0-6.0.0.7 - Command Injection
Title source: llmDescription
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."
References (5)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/48530
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/33839
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/33994
Patch, Vendor Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21330341
Vendor Advisory (vendor-advisory, x_refsource_aixapar): http://www-1.ibm.com/support/docview.wss?uid=swg1JR31231
Scores
EPSS: 0.0120
EPSS Percentile: 64.2%
Details
CWE: CWE-287
Status: published
Products (8)
ibm/websphere_partner_gateway 6.0.0
ibm/websphere_partner_gateway 6.0.0.1
ibm/websphere_partner_gateway 6.0.0.2
ibm/websphere_partner_gateway 6.0.0.3
ibm/websphere_partner_gateway 6.0.0.4
ibm/websphere_partner_gateway 6.0.0.5
ibm/websphere_partner_gateway 6.0.0.6
ibm/websphere_partner_gateway 6.0.0.7
Published: Feb 22, 2009
Tracked Since: Feb 18, 2026