CVE-2009-3852

Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/37210	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ63920
http://www.securityfocus.com/bid/36894
http://www.vupen.com/english/advisories/2009/3106	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54069
http://secunia.com/advisories/37210	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ63920
http://www.securityfocus.com/bid/36894
http://www.vupen.com/english/advisories/2009/3106	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/54069

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:runtimes_for_java_technology:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/37210 - Vendor Advisory~~	() http://secunia.com/advisories/37210 - Vendor Advisory
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IZ63920 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IZ63920 -
References	~~() http://www.securityfocus.com/bid/36894 -~~	() http://www.securityfocus.com/bid/36894 -
References	~~() http://www.vupen.com/english/advisories/2009/3106 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/3106 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/54069 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/54069 -

Information

Published : 2009-11-03 16:30

Updated : 2024-11-21 01:08

NVD link : CVE-2009-3852

Mitre link : CVE-2009-3852

CVE.ORG link : CVE-2009-3852

JSON object : View

Products Affected

ibm

runtimes_for_java_technology

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-3852", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-11-03T16:30:12.610", "references": [{"url": "http://secunia.com/advisories/37210", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ63920", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36894", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/3106", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54069", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37210", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ63920", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36894", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/3106", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54069", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the \"updated version of XML4J 4.4.17.\""}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el componente XML IBM Runtimes para Java Technology v5.0.0 anterior a SR10, tiene un impacto y vectores de ataque desconocidos, relacionados con la \"versi\u00f3n actualizada de XML4J v4.4.17.\""}], "lastModified": "2024-11-21T01:08:19.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:runtimes_for_java_technology:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC3E130-4F91-4F38-9ACC-E6F7789ED5FD", "versionEndIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}