Unrated severityNVD Advisory· Published Feb 17, 2009· Updated Apr 23, 2026

CVE-2009-0504

Description

WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.

Affected products

IBM/Websphere Application Server
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
Range: <=7.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
www-1.ibm.com/support/docview.wssnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/48700nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000