Vulnerability Description
The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 6.1 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463Patch
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK83097
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52076
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951Patch
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463Patch
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK83097
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52076
FAQ
What is CVE-2009-2085?
CVE-2009-2085 is a vulnerability with a CVSS score of 7.5 (HIGH). The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote ...
How severe is CVE-2009-2085?
CVE-2009-2085 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2085?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.