CVE-2008-7274

IBM WebSphere Application Server WAS 6.1.0.9 - Auth Bypass

Title source: llm
STIX 2.1

Description

IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password.

References (1)

Core 1
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565

Scores

EPSS 0.0097
EPSS Percentile 57.8%

Details

CWE
CWE-20
Status published
Products (1)
ibm/websphere_application_server 6.1.0.9
Published Feb 15, 2011
Tracked Since Feb 18, 2026