IBM Support

Security Fix Required: Access problems with BasicAuthTAI in WebSphere Portal

Flash (Alert)


IBM has identified a serious vulnerability in an authentication component of IBM WebSphere Portal that makes it possible for remote attackers to bypass normal WebSphere Portal server security over the network. Through this attack, an intruder might be able to execute administrative commands without proper authority.


** Note: This is a republish of an older flash. It does not affect WebSphere Portal or later releases. **

Under certain circumstances, the authentication code of WebSphere Portal can be bypassed, granting access to an administrative account without knowledge of that account's credentials.


This issue was reported to IBM Remote Technical Support and is corrected in the following releases:

Customers on versions 6.0.1, ,, and must apply the fix for APAR PK75304.
Customers on version (6.1) on non-z/OS platforms must also apply the fix for APAR PK75304.

Versions not listed above are not affected by this issue, or already have the fix integrated.

Cross reference information
| Segment | Product | Component | Platform | Version | Edition |
| --- | --- | --- | --- | --- | --- |
| Enterprise Content Management | Workplace Web Content Management | Portal Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS | ,,,,, 6.0.1 | Java edition |
| Enterprise Content Management | IBM Web Content Manager | Portal Integration | AIX, HP-UX, i5/OS, Linux, Solaris, Windows | 6.1 | Java edition |
| Organizational Productivity- Portals & Collaboration | Lotus Quickr | Security | Linux, Windows | 8.1.1, 8.1,, 8.0 | All Editions |

Document information

More support for: WebSphere Portal End of Support Products

Software version: 6.0.1,,,,,, 6.1

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Software edition: Enable, Express, Extend, Server

Reference #: 1369956

Modified date: 04 February 2009
