Cross-Site Request Forgery in IBM WebSphere eXtreme Scale
CVE-2015-2026

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Extreme Scale
Vendor: CVE Published:; 4 October 2015

Summary

A CSRF vulnerability exists in IBM WebSphere eXtreme Scale versions 7.1.0 prior to 7.1.0.3 and 7.1.1 prior to 7.1.1.1. This flaw enables remote authenticated users to execute unauthorized actions by hijacking the authentication tokens of other users, potentially leading to the insertion of malicious XSS sequences within requests.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21966044

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 4, 2015
Vulnerability Reserved
Feb 19, 2015