Potential risk when using Web based applications on WebSphere Application Server (PK81387)

 Flash (Alert)
 
Abstract
Potential risk when using Web based applications on WebSphere Application Server.
 
Content

Affected Versions:
This problem affects the following IBM WebSphere Application Server versions:
Version 5.1 through 5.1.1.19
Version 6.0 through 6.0.2.33
Version 6.1 through 6.1.0.22
Version 7.0 through 7.0.0.1 (7.0.0.2 does not exist)

This problem does not occur on the following versions:
Version 6.0.2.35 (6.0.2.34 for WebSphere Application Server for z/OS) or later
Version 6.1.0.23 or later
Version 7.0.0.3 or later
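
The version lists above can be applied to a server inventory. The following is an added example, not IBM code: the bounds are copied from this flash, the host names and versions in `INVENTORY` are constructed, and "not listed" marks fix levels this flash does not describe.

```python
# Added example, not IBM code. Version bounds are copied from this flash.
# Last affected fix level per release stream ("Affected Versions").
LAST_AFFECTED = {
    (5, 1): (5, 1, 1, 19),
    (6, 0): (6, 0, 2, 33),
    (6, 1): (6, 1, 0, 22),
    (7, 0): (7, 0, 0, 1),
}
# First level listed as not affected; the flash lists none for 5.1.
FIRST_FIXED = {(6, 0): (6, 0, 2, 35), (6, 1): (6, 1, 0, 23), (7, 0): (7, 0, 0, 3)}
FIRST_FIXED_ZOS = {(6, 0): (6, 0, 2, 34)}  # z/OS exception stated in the flash


def parse(version):
    """'6.1' -> (6, 1, 0, 0); pads to four fields so tuples compare cleanly."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError("unexpected version string: %r" % version)
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version, zos=False):
    """Return 'affected', 'not affected' or 'not listed' for one version."""
    v = parse(version)
    stream = v[:2]
    if stream not in LAST_AFFECTED:
        return "not listed"          # release stream the flash does not mention
    if v <= LAST_AFFECTED[stream]:
        return "affected"
    fixed = (FIRST_FIXED_ZOS.get(stream) if zos else None) or FIRST_FIXED.get(stream)
    if fixed and v >= fixed:
        return "not affected"
    return "not listed"              # gap, e.g. 7.0.0.2 or 6.0.2.34 off z/OS


# Constructed inventory: (host, version, is z/OS).
INVENTORY = [
    ("app01", "6.1.0.21", False),
    ("app02", "6.1.0.23", False),
    ("mf01", "6.0.2.34", True),
    ("app03", "6.0.2.34", False),
    ("old01", "5.1.1.19", False),
    ("app04", "7.0", False),
]


def triage(inventory):
    """Map each host to its classification so affected hosts can be prioritized."""
    return {host: classify(ver, zos) for host, ver, zos in inventory}
```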

Problem Description:
Customers who run Web based applications, including Web services applications, on WebSphere Application Server are at risk of an attacker being able to remotely display or execute files on the server that are contained within a war file, including files under the web-inf and meta-inf directories. In addition, there is a potential risk for customers who are using the WebSphere administrative console with administrative security disabled.

Please follow the link below to the WebSphere Application Server Flash for further information.
 
Related information
Link to WebSphere Flash
 
 
Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Security | IBM Tivoli Access Manager for Business Integration | | AIX, HP-UX, Linux, Solaris, Windows | 5.1 |
Security | IBM Tivoli Access Manager for e-business | | All Platforms | 5.1, 6.0, 6.1 |
Security | IBM Tivoli Access Manager for Operating Systems | | AIX, HP-UX, Linux, Solaris | 5.1, 6.0 |
Security | IBM Tivoli Directory Integrator | | All Platforms | Version Independent |
Security | IBM Tivoli Directory Server | | AIX, HP-UX, Linux, Solaris, Windows | 5.1, 6.0, 6.1, 6.2 |
Security | IBM Tivoli Federated Identity Manager | | AIX, HP-UX, Linux, Solaris, Windows | 6.0, 6.1, 6.1.1, 6.2 |
Security | IBM Tivoli Federated Identity Manager Business Gateway | | AIX, HP-UX, Linux, Solaris, Windows | 6.0, 6.1.1, 6.1, 6.2 |
Security | IBM Tivoli Identity and Access Manager | | AIX, HP-UX, Linux, Solaris, Windows | All Versions |
Security | IBM Tivoli Identity Manager Express | | AIX, Windows | 4.6 |
Security | IBM Tivoli Security Policy Manager | | AIX, HP-UX, Linux, Solaris, Windows | 7.0 |
Security | IBM Tivoli Unified Single Sign-On | | AIX, HP-UX, Linux, Solaris, Windows | All Versions |
Security | IBM Tivoli Privacy Manager for e-business | | AIX, HP-UX, Linux, Solaris, Windows | 1.2 |
Security | IBM Tivoli Compliance Insight Manager | | Windows | All Versions |
Security | IBM Tivoli Security Information and Event Manager | | AIX, Solaris, Windows | All Versions |
 
 

Document information
 Product categories:
 Software
 Security
 Identity Management
 IBM Tivoli Identity Manager Express
 Operating system(s):
  AIX, HP-UX, Linux, Solaris, Windows
 Software version:
  4.6, 5.0
 Reference #:
  1380233
 IBM Group:
 Software Group
 Modified date:
 2009-04-29
