Flash (Alert)
Abstract
There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC.
Content
There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC.
WebSphere versions affected:
- WebSphere Application Server, all platforms, Versions 8.0 through 8.0.0.2, 7.0 through 7.0.0.21, and 6.1 through 6.1.0.41, 6.0.2 through 6.0.2.43.
- WebSphere Application Server Feature Pack for Web Services Versions 6.1.0.9 through 6.1.0.39.
WebSphere versions not impacted:
For JAX-WS Runtime:
- WebSphere Application Server Versions 8.0.0.2 and later, and 7.0.0.21 and later.
- WebShere Application Server Feature Pack for Web Services Versions 6.1.0.41 and later,
- For JAX-RPC Runtime:
- WebSphere Application Server Versions 8.0.0.3 and later, 7.0.0.23 and later, and 6.1.0.43 and later,
For a full description, affected product releases, and APARs/fixes, please see the complete published Security Exposure (ESAR) Flash for PM43585, PM43792, and PM45181 at:
http://www-01.ibm.com/support/docview.wss?uid=swg21587536
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.