Possible security exposure with WS-Security-enabled applications using LTPA tokens affecting IBM Business Process Manager (BPM) Advanced, WebSphere Enterprise Service Bus (WESB), and WebSphere Process Server (WPS)

Flash (Alert)


Abstract

There is a possible security exposure when you use WS-Security, which can result in a user gaining elevated privileges. This issue impacts applications that are using either JAX-WS and JAX-RPC.

Content

This WebSphere Application Server issue affects the following products in the Business Process Management family of products due to the WebSphere Application Server underlying infrastructure:

  • IBM Business Process Manager Advanced
  • WebSphere Enterprise Service Bus
  • WebSphere Process Server

For more information on this WebSphere Application Server issue, see Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181).


Cross reference information
Segment Product Component Platform Version Edition
Business Integration IBM Business Process Manager Advanced Not Applicable AIX, Linux, Linux zSeries, Solaris, Windows, z/OS 8.0, 7.5.1, 7.5.0.1, 7.5
Business Integration WebSphere Process Server Not Applicable AIX, HP-UX, i5/OS, Linux, Linux zSeries, Solaris, Windows, z/OS 7.0.0.5, 7.0.0.4, 7.0.0.3, 7.0.0.2, 7.0.0.1, 7.0, 6.2.0.3, 6.2.0.2, 6.2.0.1, 6.2, 6.1.2.3, 6.1.2.2, 6.1.2.1, 6.1.2, 6.1.0.4, 6.1.0.3, 6.1.0.2, 6.1.0.1, 6.1

Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere Enterprise Service Bus

Software version:

6.1, 6.1.2, 6.2, 7.0, 7.5, 7.5.0.1, 7.5.1

Operating system(s):

AIX, HP-UX, Linux, Linux iSeries, Linux pSeries, Linux xSeries, Linux zSeries, Solaris, Windows, i5/OS, z/OS

Reference #:

1605071

Modified date:

2012-07-23

Translate my page

Machine Translation

Content navigation