Flashes (Alerts)
Abstract
There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC.
Content
There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC.
WebSphere versions affected:
- WebSphere Application Server, all platforms, Versions 8.0 through 8.0.0.2, 7.0 through 7.0.0.21, and 6.1 through 6.1.0.41, 6.0.2 through 6.0.2.43.
- WebSphere Application Server Feature Pack for Web Services Versions 6.1.0.9 through 6.1.0.39.
WebSphere versions not impacted:
For JAX-WS Runtime:
- WebSphere Application Server Versions 8.0.0.2 and later, and 7.0.0.21 and later.
- WebShere Application Server Feature Pack for Web Services Versions 6.1.0.41 and later,
- For JAX-RPC Runtime:
- WebSphere Application Server Versions 8.0.0.3 and later, 7.0.0.23 and later, and 6.1.0.43 and later,
For a full description, affected product releases, and APARs/fixes, please see the complete published Security Exposure (ESAR) Flash for PM43585, PM43792, and PM45181 at:
http://www-01.ibm.com/support/docview.wss?uid=swg21587536
[{"Product":{"code":"SSNGTE","label":"Tivoli Security Policy Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
25 September 2022
UID
swg21605397