CVE-2014-3058

Currently unrated

Key Information:

Vendor
IBM
Status
Websphere Datapower Xc10 Appliance Firmware
Vendor
CVE Published:
11 December 2014

Summary

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93532
vdb-entryx_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21691035
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614
vendor-advisoryx_refsource_AIXAPAR

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.