CVE-2009-1172: The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 bef
Summary
A vulnerability (CVE-2009-1172) exists in IBM WebSphere Application Server (WAS), a platform for running web applications, versions 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 when a specific patch is installed. The flaw is in the JAX-RPC WS-Security runtime (components that handle secure web service communication), which fails to properly validate UsernameToken objects (credentials used to authenticate users), potentially allowing unauthorized access through unknown methods.
Vulnerability Details
CVSS Score
10
EPSS (30-day exploit probability)
EPSS: 1.5%
Classification
Attack Sophistication: Moderate
Taxonomy References
CWE (Weakness Type)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2009-1172
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%