Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-0809

The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object.

Published

2009-03-04T17:30:02.593

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	3ds	enovia_smarteam	≤ 5.18	Yes
Application	ibm	catia	≤ 5.18	Yes
Application	ibm	catia	5.16	Yes
Application	ibm	catia	5.17	Yes

References

http://secunia.com/advisories/34037 Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/33895 ([email protected])
http://www.vupen.com/english/advisories/2009/0525 Vendor Advisory ([email protected])
http://secunia.com/advisories/34037 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/33895 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0525 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)