The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-08-13T18:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2009-06-16T00:00:00
Link: CVE-2009-2085
JSON object: View
NVD Information
Status : Modified
Published: 2009-08-13T18:30:00.483
Modified: 2017-08-17T01:30:39.130
Link: CVE-2009-2085
JSON object: View
Redhat Information
No data.
CWE