IBM Support

Possible security exposure of sample web services bundled with the product

Flashes (Alerts)


Abstract

There is a possible security exposure with certain versions of WebSphere Application Server that results in a user gaining elevated privileges. This affects some of the sample web services that are bundled with the product.

Content

The IBM WebSphere Application Server team discovered a possible security exposure and published the following tech note:
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21587536
Title: Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181)

Some sample web services are bundled with version 9.x of the product. They are implemented using JAX-WS, the latest Java web service specification. After thorough analysis, we have discovered that these web services are impacted by the WebSphere Application Server security exposure. Please review the tech note and take appropriate action.

Recommendation:
Upgrade to version 7.0.0.21 or later of the WebSphere Application Server.

Related Information

Product: InfoSphere Master Data Management Server for Product Information Management
Business Unit: IBM Software w/o TPS
Component: Application Server
Platform: AIX, HP-UX, Linux, Solaris, Windows
Version: 9.0; 9.1
Edition: All Editions
Line of Business: Data and AI

Product: InfoSphere Master Data Management Collaboration Server
Business Unit: Cloud & Data Platform
Platform: AIX, Linux, Solaris, Windows
Version: 10.0

Product Synonym

MDMCS; Infosphere Master Data Management Collaboration Server; WPC; MDMPIM; MDM Server for PIM; WebSphere Product Center; InfoSphere MDM Server for PIM; InfoSphere Master Data Management Server for Product Information Management

Document Information

Modified date:
25 September 2022

UID

swg21601149