| Field | Value |
|---|---|
| VID | 22789 |
| Severity | 30 |
| Port | 8880, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The version of IBM WebSphere Application Server running on the remote host is 9.0 prior to 9.0.0.4. It is, therefore, affected by a cross-site request forgery (XSRF) vulnerability in the OAuth service provider due to a failure to require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. An unauthenticated, remote attacker can exploit this vulnerability, by convincing a user to follow a specially crafted link, to perform unintended actions. References: http://www-01.ibm.com/support/docview.wss?uid=swg22001226 |
| Recommendation | Upgrade to IBM WebSphere Application Server 9.0.0.4 or later, available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg22001226 |
| Related URL | CVE-2017-1194 (CVE) |
| Related URL | 98142 (SecurityFocus) |
| Related URL | (ISS) |