Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Core Security · text · webapps · multiple
https://www.exploit-db.com/exploits/17404
References (5)
Third Party Advisory, VDB Entry · mailing-list (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/518465/100/0/threaded
Exploit (x_refsource_misc): http://www.coresecurity.com/content/IBM-WebSphere-CSRF
Third Party Advisory, VDB Entry · vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/48305
Exploit · exploit (x_refsource_exploit-db): http://www.exploit-db.com/exploits/17404
Third Party Advisory · third-party-advisory (x_refsource_sreason): http://securityreason.com/securityalert/8281
Scores
EPSS
0.0061
EPSS Percentile
69.8%
Details
CWE
CWE-352
Status
published
Products (50)
ibm/websphere_application_server 2.0
ibm/websphere_application_server 3.0
ibm/websphere_application_server 3.0.2
ibm/websphere_application_server 3.0.2.1
ibm/websphere_application_server 3.0.2.2
ibm/websphere_application_server 3.0.2.3
ibm/websphere_application_server 3.0.2.4
ibm/websphere_application_server 3.0.21
ibm/websphere_application_server 3.5
ibm/websphere_application_server 3.5.1
... and 40 more
Published
Jul 18, 2011
Tracked Since
Feb 18, 2026