CVE-2009-1172
CRITICAL
10.0
CVSS Severity Score
Vulnerability Description
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
Affected Platforms (CPE)
📦
Ibm
Websphere Application Server
= 6.1📦
Ibm
Websphere Application Server
= 6.1.0📦
Ibm
Websphere Application Server
= 6.1.0.0📦
Ibm
Websphere Application Server
= 6.1.0.1📦
Ibm
Websphere Application Server
= 6.1.0.2📦
Ibm
Websphere Application Server
= 6.1.0.3📦
Ibm
Websphere Application Server
= 6.1.0.4📦
Ibm
Websphere Application Server
= 6.1.0.5📦
Ibm
Websphere Application Server
= 6.1.0.6📦
Ibm
Websphere Application Server
= 6.1.0.7📦
Ibm
Websphere Application Server
= 6.1.0.8📦
Ibm
Websphere Application Server
= 6.1.0.9📦
Ibm
Websphere Application Server
= 6.1.0.10📦
Ibm
Websphere Application Server
= 6.1.0.11📦
Ibm
Websphere Application Server
= 6.1.0.12📦
Ibm
Websphere Application Server
= 6.1.0.13📦
Ibm
Websphere Application Server
= 6.1.0.14📦
Ibm
Websphere Application Server
= 6.1.0.15📦
Ibm
Websphere Application Server
= 6.1.0.16📦
Ibm
Websphere Application Server
= 6.1.0.17📦
Ibm
Websphere Application Server
= 6.1.0.18📦
Ibm
Websphere Application Server
= 6.1.0.19📦
Ibm
Websphere Application Server
= 6.1.0.20📦
Ibm
Websphere Application Server
= 6.1.0.21📦
Ibm
Websphere Application Server
= 6.1.0.22📦
Ibm
Websphere Application Server
= 7.0📦
Ibm