The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 up to and including 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote malicious users to obtain sensitive information by sniffing network sessions that were expected to be encrypted.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere application server 7.0 |
||
ibm websphere application server 7.0.0.1 |
||
ibm websphere application server 7.0.0.3 |
||
ibm websphere application server 7.0.0.5 |
||
ibm websphere application server 7.0.0.7 |
||
ibm websphere application server 7.0.0.8 |