Description
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.
References (1)
Core 1
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565
Scores
EPSS
0.0097
EPSS Percentile
57.8%
Details
CWE
CWE-20
Status
published
Products (1)
ibm/websphere_application_server
6.1.0.9
Published
Feb 15, 2011
Tracked Since
Feb 18, 2026