Unrated severityNVD Advisory· Published Feb 17, 2009· Updated Jun 16, 2026
CVE-2009-0504
CVE-2009-0504
Description
WSPolicy in the Web Services component in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.1 does not properly recognize the IDAssertion.isUsed binding property, which allows local users to discover a password by reading a SOAP message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*range: <=7.0
- (no CPE)range: <7.0.0.1
Patches
Vulnerability mechanics
References
3- www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www-1.ibm.com/support/docview.wssnvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/48700nvd
News mentions
0No linked articles in our index yet.