CVE-2010-3271
N/A
N/A
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/518465/100/0/threaded
- http://www.coresecurity.com/content/IBM-WebSphere-CSRF
- http://www.securityfocus.com/bid/48305
- http://www.exploit-db.com/exploits/17404
- http://securityreason.com/securityalert/8281
References
- http://www.securityfocus.com/archive/1/518465/100/0/threaded
- http://www.coresecurity.com/content/IBM-WebSphere-CSRF
- http://www.securityfocus.com/bid/48305
- http://www.exploit-db.com/exploits/17404
- http://securityreason.com/securityalert/8281
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.