CVE-2011-1209: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryptio
Summary
IBM WebSphere Application Server (WAS) versions 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 use a weak encryption algorithm in WS-Security (a security standard for XML-based web services). This weakness allows remote attackers to decrypt sensitive data from web service requests through a decryption attack, potentially exposing plaintext information.
Solution / Mitigation
Upgrade IBM WebSphere Application Server to version 6.1.0.39 or later (for version 6.1 users) or version 7.0.0.17 or later (for version 7.0 users).
Vulnerability Details
CVSS Score
4.3
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Moderate
Taxonomy References
CWE (Weakness Type)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2011-1209
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%