IBM Support

Possible security exposure with WS-Security-enabled applications using LTPA tokens affecting IBM Business Process Manager (BPM) Advanced, WebSphere Enterprise Service Bus (WESB), and WebSphere Process Server (WPS)

Flash (Alert)


There is a possible security exposure when you use WS-Security, which can result in a user gaining elevated privileges. This issue impacts applications that are using either JAX-WS and JAX-RPC.


This WebSphere Application Server issue affects the following products in the Business Process Management family of products due to the WebSphere Application Server underlying infrastructure:

  • IBM Business Process Manager Advanced
  • WebSphere Enterprise Service Bus
  • WebSphere Process Server

For more information on this WebSphere Application Server issue, see Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181).

Cross reference information
Segment Product Component Platform Version Edition
Business Integration IBM Business Process Manager Advanced Not Applicable AIX, Linux, Linux zSeries, Solaris, Windows, z/OS 8.0, 7.5.1,, 7.5
Business Integration WebSphere Process Server Not Applicable AIX, HP-UX, i5/OS, Linux, Linux zSeries, Solaris, Windows, z/OS,,,,, 7.0,,,, 6.2,,,, 6.1.2,,,,, 6.1

Document information

More support for: WebSphere Enterprise Service Bus

Software version: 6.1, 6.1.2, 6.2, 7.0, 7.5,, 7.5.1

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Reference #: 1605071

Modified date: 23 July 2012

Translate this page: