6

CVE-2014-4816

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version6.0.0.1
IbmWebsphere Application Server Version6.0.0.2
IbmWebsphere Application Server Version6.0.0.3
IbmWebsphere Application Server Version6.0.1.1
IbmWebsphere Application Server Version6.0.1.2
IbmWebsphere Application Server Version6.0.1.3
IbmWebsphere Application Server Version6.0.1.5
IbmWebsphere Application Server Version6.0.1.7
IbmWebsphere Application Server Version6.0.1.9
IbmWebsphere Application Server Version6.0.1.11
IbmWebsphere Application Server Version6.0.1.13
IbmWebsphere Application Server Version6.0.1.15
IbmWebsphere Application Server Version6.0.1.17
IbmWebsphere Application Server Version6.0.2.1
IbmWebsphere Application Server Version6.0.2.2
IbmWebsphere Application Server Version6.0.2.3
IbmWebsphere Application Server Version6.0.2.4
IbmWebsphere Application Server Version6.0.2.5
IbmWebsphere Application Server Version6.0.2.6
IbmWebsphere Application Server Version6.0.2.7
IbmWebsphere Application Server Version6.0.2.9
IbmWebsphere Application Server Version6.0.2.11
IbmWebsphere Application Server Version6.0.2.13
IbmWebsphere Application Server Version6.0.2.15
IbmWebsphere Application Server Version6.0.2.17
IbmWebsphere Application Server Version6.0.2.19
IbmWebsphere Application Server Version6.0.2.22
IbmWebsphere Application Server Version6.0.2.23
IbmWebsphere Application Server Version6.0.2.24
IbmWebsphere Application Server Version6.0.2.25
IbmWebsphere Application Server Version6.0.2.27
IbmWebsphere Application Server Version6.0.2.28
IbmWebsphere Application Server Version6.0.2.29
IbmWebsphere Application Server Version6.0.2.30
IbmWebsphere Application Server Version6.0.2.31
IbmWebsphere Application Server Version6.0.2.32
IbmWebsphere Application Server Version6.0.2.33
IbmWebsphere Application Server Version6.0.2.35
IbmWebsphere Application Server Version6.0.2.37
IbmWebsphere Application Server Version6.0.2.39
IbmWebsphere Application Server Version6.0.2.41
IbmWebsphere Application Server Version6.0.2.43
IbmWebsphere Application Server Version6.1.0.0
IbmWebsphere Application Server Version6.1.0.1
IbmWebsphere Application Server Version6.1.0.2
IbmWebsphere Application Server Version6.1.0.3
IbmWebsphere Application Server Version6.1.0.5
IbmWebsphere Application Server Version6.1.0.7
IbmWebsphere Application Server Version6.1.0.9
IbmWebsphere Application Server Version6.1.0.11
IbmWebsphere Application Server Version6.1.0.12
IbmWebsphere Application Server Version6.1.0.13
IbmWebsphere Application Server Version6.1.0.14
IbmWebsphere Application Server Version6.1.0.15
IbmWebsphere Application Server Version6.1.0.17
IbmWebsphere Application Server Version6.1.0.19
IbmWebsphere Application Server Version6.1.0.21
IbmWebsphere Application Server Version6.1.0.23
IbmWebsphere Application Server Version6.1.0.25
IbmWebsphere Application Server Version6.1.0.27
IbmWebsphere Application Server Version6.1.0.29
IbmWebsphere Application Server Version6.1.0.31
IbmWebsphere Application Server Version6.1.0.33
IbmWebsphere Application Server Version6.1.0.35
IbmWebsphere Application Server Version6.1.0.37
IbmWebsphere Application Server Version6.1.0.39
IbmWebsphere Application Server Version6.1.0.41
IbmWebsphere Application Server Version6.1.0.43
IbmWebsphere Application Server Version6.1.0.45
IbmWebsphere Application Server Version6.1.0.47
IbmWebsphere Application Server Version7.0.0.1
IbmWebsphere Application Server Version7.0.0.2
IbmWebsphere Application Server Version7.0.0.3
IbmWebsphere Application Server Version7.0.0.4
IbmWebsphere Application Server Version7.0.0.5
IbmWebsphere Application Server Version7.0.0.6
IbmWebsphere Application Server Version7.0.0.7
IbmWebsphere Application Server Version7.0.0.8
IbmWebsphere Application Server Version7.0.0.9
IbmWebsphere Application Server Version7.0.0.10
IbmWebsphere Application Server Version7.0.0.11
IbmWebsphere Application Server Version7.0.0.12
IbmWebsphere Application Server Version7.0.0.13
IbmWebsphere Application Server Version7.0.0.14
IbmWebsphere Application Server Version7.0.0.15
IbmWebsphere Application Server Version7.0.0.16
IbmWebsphere Application Server Version7.0.0.17
IbmWebsphere Application Server Version7.0.0.18
IbmWebsphere Application Server Version7.0.0.19
IbmWebsphere Application Server Version7.0.0.21
IbmWebsphere Application Server Version7.0.0.22
IbmWebsphere Application Server Version7.0.0.23
IbmWebsphere Application Server Version7.0.0.24
IbmWebsphere Application Server Version7.0.0.25
IbmWebsphere Application Server Version7.0.0.27
IbmWebsphere Application Server Version7.0.0.29
IbmWebsphere Application Server Version7.0.0.31
IbmWebsphere Application Server Version7.0.0.33
IbmWebsphere Application Server Version8.0.0.0
IbmWebsphere Application Server Version8.0.0.1
IbmWebsphere Application Server Version8.0.0.2
IbmWebsphere Application Server Version8.0.0.3
IbmWebsphere Application Server Version8.0.0.4
IbmWebsphere Application Server Version8.0.0.5
IbmWebsphere Application Server Version8.0.0.6
IbmWebsphere Application Server Version8.0.0.7
IbmWebsphere Application Server Version8.0.0.8
IbmWebsphere Application Server Version8.0.0.9
IbmWebsphere Application Server Version8.5.0.0
IbmWebsphere Application Server Version8.5.0.1
IbmWebsphere Application Server Version8.5.0.2
IbmWebsphere Application Server Version8.5.5.0
IbmWebsphere Application Server Version8.5.5.2
IbmWebsphere Application Server Version8.5.5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.04% 0.596
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://secunia.com/advisories/61418
http://secunia.com/advisories/61423
http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055
http://www-01.ibm.com/support/docview.wss?uid=swg21682767
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/573356
US Government Resource
http://www.securityfocus.com/bid/69980
https://exchange.xforce.ibmcloud.com/vulnerabilities/95402