CVE-2009-0899

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.1 through 6.1.0.24 IBM WebSphere Application Server versions 7.0 through 7.0.0.4 IBM WebSphere Portal Server versions 5.1 through 6.0 IBM Integrated Solutions Console version 6.0.1

Description The issue arises from the improper setting of the IsSecurityEnabled security flag during the migration of WebSphere Member Manager to Virtual Member Manager and a Federated Repository. This allows attackers to obtain sensitive information from repositories.

Recommendations For IBM WebSphere Application Server versions 6.1 through 6.1.0.24, update to a version that properly sets the IsSecurityEnabled flag. For IBM WebSphere Application Server versions 7.0 through 7.0.0.4, update to a version that properly sets the IsSecurityEnabled flag. For IBM WebSphere Portal Server versions 5.1 through 6.0, update to a version that properly sets the IsSecurityEnabled flag. For IBM Integrated Solutions Console version 6.0.1, update to a version that properly sets the IsSecurityEnabled flag.