The Security component in IBM WebSphere Application Server (WAS) 6.1 prior to 6.1.0.25 and 7.0 prior to 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote malicious users to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ibm websphere application server 6.1.0.19 |
||
ibm websphere application server 6.1.0.24 |
||
ibm websphere application server 6.1.0.23 |
||
ibm websphere application server 6.1.0.15 |
||
ibm websphere application server 6.1.0.7 |
||
ibm websphere application server 6.1.0.13 |
||
ibm websphere application server 6.1.0.12 |
||
ibm websphere application server 6.1 |
||
ibm websphere application server 6.1.0.4 |
||
ibm websphere application server 6.1.0.21 |
||
ibm websphere application server 6.1.0.2 |
||
ibm websphere application server 6.1.0.3 |
||
ibm websphere application server 6.1.0.0 |
||
ibm websphere application server 6.1.0 |
||
ibm websphere application server 7.0.0.4 |
||
ibm websphere application server 7.0.0.3 |
||
ibm websphere application server 6.1.0.8 |
||
ibm websphere application server 6.1.0.6 |
||
ibm websphere application server 6.1.0.1 |
||
ibm websphere application server 6.1.0.16 |
||
ibm websphere application server 6.1.0.14 |
||
ibm websphere application server 6.1.0.17 |
||
ibm websphere application server 6.1.0.18 |
||
ibm websphere application server 7.0 |
||
ibm websphere application server 6.1.0.20 |
||
ibm websphere application server 6.1.0.22 |
||
ibm websphere application server 6.1.0.10 |
||
ibm websphere application server 6.1.0.5 |
||
ibm websphere application server 6.1.0.9 |
||
ibm websphere application server 6.1.0.11 |
||
ibm websphere application server 7.0.0.1 |
Vulmon