Flash (Alert)
Abstract
There is a possible security exposure with certain versions of WebSphere Application Server that result in the user gaining elevated privileges. This impacts some of the sample web services that are bundled with the product.
Content
The IBM WebSphere Application Server team discovered a possible security exposure and published the following tech note:
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21587536
Title: Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181)
Some sample web services are bundled with version 9.x of the product and they are implemented using JAX-WS, the latest Java web service specifications. After thorough analysis we have discovered that these web services are impacted by the WebSphere Application Server security exposure. Please review the tech note and take appropriate action.
Recommendation:
Upgrade to version 7.0.0.21 or later of the WebSphere Application Server.
Related information
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Information Management | InfoSphere Master Data Management Collaboration Server | AIX, Linux, Solaris, Windows | 10.0 |
Product Alias/Synonym
MDMCS
Infosphere Master Data Management Collaboration Server
WPC
MDMPIM
MDM Server for PIM
WebSphere Product Center
InfoSphere MDM Server for PIM
InfoSphere Master Data Management Server for Product Information Management
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.