CSRF Vulnerability in IBM WebSphere DataPower XC10 Appliance
CVE-2014-3058

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance Firmware
Vendor: CVE Published:; 11 December 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the IBM WebSphere DataPower XC10 appliance, enabling remote authenticated users to hijack the authentication mechanism of other users. This arises when requests are made to inject malicious XSS sequences, compromising the security integrity of user sessions. Affected versions include the IBM WebSphere DataPower XC10 appliance versions 2.1 and 2.5 before FP4, highlighting the importance of applying patches and adhering to secure development practices.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93532

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21691035

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Apr 29, 2014