
Security Fix Required: Access problems with BasicAuthTAI in WebSphere Portal

 Flash (Alert)
 
Abstract
IBM has identified a serious vulnerability in IBM WebSphere Portal in an authentication component that makes it possible for remote attackers over the network to bypass normal WebSphere Portal server security. Through this attack, an intruder might be able to execute administrative commands without proper authority.
 
Content
Cause
Under certain circumstances, the authentication code of WebSphere Portal can be bypassed, granting access to an administrative account without knowledge of that account's credentials.

Solution

This issue was reported to IBM Remote Technical Support and is corrected in the following releases:

Customers on versions 6.0.1, 6.0.1.1, 6.0.1.3, 6.0.1.4 and 6.0.1.5 must apply the fix for APAR PK75304.
Customers on version 6.1.0.0 (6.1) on non-z/OS platforms must also apply the fix for APAR PK75304.

Versions not listed above are not affected by this issue, or already have the fix integrated.
 
 
Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Enterprise Content Management | Workplace Web Content Management | Portal Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | 6.0.1.5, 6.0.1.4, 6.0.1.3, 6.0.1.2, 6.0.1.1, 6.0.1 | Java edition
Enterprise Content Management | Lotus Web Content Management | Portal Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows | 6.1 | Java edition
Organizational Productivity- Portals & Collaboration | Lotus Quickr | Security | Linux, Windows | 8.1.1, 8.1, 8.0.0.2, 8.0 | All Editions
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Document information
 Product categories:
 Software
 Organizational Productivity, Portals & Collaboration
 Portals
 WebSphere Portal
 Security
 Operating system(s):
  AIX, HP-UX, Linux, Solaris, Windows, i5/OS, z/OS
 Software version:
  6.0.1, 6.0.1.0, 6.0.1.1, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.1
 Software edition:
  Enable, Express, Extend, Server
 Reference #:
  1369956
 IBM Group:
 Software Group
 Modified date:
 2009-02-04
