Session Hijacking Vulnerability in IBM WebSphere DataPower XC10
CVE-2015-1893

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance Firmware
Vendor: CVE Published:; 6 April 2015

Summary

The IBM WebSphere DataPower XC10 appliance version 2.1 prior to 2.1.0.3 is susceptible to a session hijacking vulnerability that enables remote attackers to impersonate legitimate users. This exploitation facilitates unauthorized access to sensitive information and allows the malicious entities to modify critical data through unspecified attack vectors. The vulnerability underscores the necessity for prompt updates and enhanced security measures to protect user sessions and sensitive data.

References

http://www.securitytracker.com/id/1032025

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21701337

x_refsource_CONFIRM

http://www.securityfocus.com/bid/73916

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 6, 2015
Vulnerability Reserved
Feb 19, 2015