NVD

Id
49981  
Name
CVE-2009-2749  
Description
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-12-08  
Modified Date
2009-12-23  
Seq
2009-2749  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
252933 49981 CVE-2009-2749 http://www-01.ibm.com/support/docview.wss?uid=swg27017328  View
252934 49981 CVE-2009-2749 37392  View
252935 49981 CVE-2009-2749 ADV-2009-3598  View
252936 49981 CVE-2009-2749 was-fbcea-collaboration-spoofing(54494)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
43862 JVNDB-2009-004869 Feature Pack for CEA におけるコラボレーションセッションを偽装される脆弱性 IBM WebSphere Application Server 用の Feature Pack for Communications Enabled Applications (CEA) は、予測可能なセッション値を使用するため、コラボレーションセッションを偽装される脆弱性が存在します。 CVE-2009-2749 40180 CVE-2009-2749 49981 6.4 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004869.html 2009-12-08 2012-09-25 View