The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 prior to 6.1.0.23 and 7.0 prior to 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ibm websphere application server 6.1.0.9 |
||
ibm websphere application server 6.1.0.8 |
||
ibm websphere application server 6.1.0.20 |
||
ibm websphere application server 6.1.0.2 |
||
ibm websphere application server 6.1.0.12 |
||
ibm websphere application server 6.1.0.11 |
||
ibm websphere application server 6.1.0.22 |
||
ibm websphere application server 7.0.0.1 |
||
ibm websphere application server 6.1.0.3 |
||
ibm websphere application server 6.1.0.21 |
||
ibm websphere application server 6.1.0.14 |
||
ibm websphere application server 6.1.0.13 |
||
ibm websphere application server 6.1 |
||
ibm websphere application server 7.0 |
||
ibm websphere application server 6.1.0.7 |
||
ibm websphere application server 6.1.0.6 |
||
ibm websphere application server 6.1.0.19 |
||
ibm websphere application server 6.1.0.18 |
||
ibm websphere application server 6.1.0.10 |
||
ibm websphere application server 6.1.0.1 |
||
ibm websphere application server 6.1.0.5 |
||
ibm websphere application server 6.1.0.4 |
||
ibm websphere application server 6.1.0.17 |
||
ibm websphere application server 6.1.0.16 |
||
ibm websphere application server 6.1.0.15 |
||
ibm websphere application server 6.1.0.0 |
||
ibm websphere application server 6.1.0 |
Vulmon