Cross-Site Request Forgery Vulnerability in IBM WebSphere Application Server
CVE-2017-1194

8.8HIGH

Key Information:

Vendor

IBM
Status
IBM Websphere Application Server
Vendor
CVE Published:
28 April 2017

What is CVE-2017-1194?

IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 are susceptible to a cross-site request forgery vulnerability. This issue could enable an attacker to perform unauthorized actions on behalf of a trusted user, leveraging the trust established by the server. Malicious requests could be transmitted without the user's consent, allowing an attacker to exploit this vulnerability for various attacks. For further details on mitigation and coding approaches to enhance security, refer to the IBM documentation and security assessments.

Affected Version(s)

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0

References

http://www.securityfocus.com/bid/98142
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22001226
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038378
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.