CVE-2009-2085 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-2085 Interim 1 3 2021-06-09T08:50:14Z current 2021-05-30T12:47:32Z 2021-06-09T08:50:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-2085 The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). CVE-2009-2085 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P