CVE-2009-2085
N/A
N/A
Summary
The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52076
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK83097
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463
References
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52076
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK83097
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.