CVE-2009-0440

IBM WebSphere Partner Gateway 6.0.0-6.0.0.7 - Command Injection

Title source: llm

Description

IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print."

References (5)

Scores

EPSS 0.0043
EPSS Percentile 62.4%

Classification

CWE
CWE-287
Status draft

Affected Products (8)

ibm/websphere_partner_gateway
ibm/websphere_partner_gateway
ibm/websphere_partner_gateway
ibm/websphere_partner_gateway
ibm/websphere_partner_gateway
ibm/websphere_partner_gateway
ibm/websphere_partner_gateway
ibm/websphere_partner_gateway

Timeline

Published Feb 22, 2009
Tracked Since Feb 18, 2026