VID |
22786 |
Severity |
30 |
Port |
8880, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
The version of IBM WebSphere Application Server running on the remote host is 7.0 prior to 7.0.0.45. It is therefore affected by a cross-site request forgery (XSRF) vulnerability in the OAuth service provider, which fails to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this vulnerability by convincing a user to follow a specially crafted link, causing unintended actions to be performed.
* References: http://www-01.ibm.com/support/docview.wss?uid=swg22001226 |
Recommendation |
Upgrade to IBM WebSphere Application Server 7.0.0.45 or later, available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg22001226 |
Related URL |
CVE-2017-1194 (CVE) |
Related URL |
98142 (SecurityFocus) |
Related URL |
(ISS) |