CVE-2010-3271

IBM WebSphere Application Server <7.0.0.13 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3271. PoCs published by Core Security.

AI-analyzed exploit summary This advisory details a CSRF vulnerability in IBM WebSphere Application Server's administrative console, where certain areas fail to validate the 'csrfid' token, allowing attackers to disable security features via crafted requests.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Core Security · textwebappsmultiple

https://www.exploit-db.com/exploits/17404

View Code ZIP pw:eip

This advisory details a CSRF vulnerability in IBM WebSphere Application Server's administrative console, where certain areas fail to validate the 'csrfid' token, allowing attackers to disable security features via crafted requests.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: IBM WebSphere Application Server 7.0.0.11, 7.0.0.13

Auth required

Prerequisites: Logged-in administrator session · Victim visits malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/518465/100/0/threaded

Exploit x_refsource_misc

http://www.coresecurity.com/content/IBM-WebSphere-CSRF

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/48305

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/17404

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8281

Scores

EPSS 0.0210

EPSS Percentile 79.2%

Details

CWE

CWE-352

Status published

Products (50)

ibm/websphere_application_server 2.0

ibm/websphere_application_server 3.0

ibm/websphere_application_server 3.0.2

ibm/websphere_application_server 3.0.2.1

ibm/websphere_application_server 3.0.2.2

ibm/websphere_application_server 3.0.2.3

ibm/websphere_application_server 3.0.2.4

ibm/websphere_application_server 3.0.21

ibm/websphere_application_server 3.5

ibm/websphere_application_server 3.5.1

... and 40 more

Published Jul 18, 2011

Tracked Since Feb 18, 2026