IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability Network Vulnerability

Summary

IBM WebSphere Application Server is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user and gain access to the affected application other attacks are also possible. IBM WebSphere Application Server versions prior to 8.0.0.1 are vulnerable other versions may also be affected.

Solution

Vendor fixes are available. Please see the references for more information.

References

http://www-01.ibm.com/software/websphere/
http://www-01.ibm.com/support/docview.wss?uid=swg24030916
http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8001
http://www.securityfocus.com/bid/49766

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Codebrws.asp Source Disclosure Vulnerability
Aspen Sever Directory Traversal Vulnerability
Ecava IntegraXor Directory Traversal Vulnerability
Apache Tomcat Request Object Security Bypass Vulnerability (Win)
IBM WebSphere Application Server Administration Directory Traversal Vulnerability

Take action and discover your vulnerabilities