CVE-2009-0906

IBM Websphere Application Server - Authentication Bypass

Title source: rule

Description

The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors.

References (4)

[Various Sources] http://www-1.ibm.com/support/docview.wss?uid=swg1PK86047

[Vendor Advisory] http://secunia.com/advisories/36306

[Patch] http://www-01.ibm.com/support/docview.wss?uid=swg27015429

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52074

Scores

EPSS 0.0034

EPSS Percentile 56.1%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

ibm/websphere_application_server

Timeline

Published Aug 13, 2009

Tracked Since Feb 18, 2026