Published: 21/08/2013 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Websphere Application Server

Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 prior to 6.1.0.47, 7.0 prior to 7.0.0.31, 8.0 prior to 8.0.0.7, and 8.5 prior to 8.5.5.1 allows remote malicious users to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere application server 8.0.0.0
ibm websphere application server 8.0.0.1
ibm websphere application server 8.0.0.2
ibm websphere application server 8.0.0.3
ibm websphere application server 8.0.0.4
ibm websphere application server 8.0.0.5
ibm websphere application server 8.0.0.6
ibm websphere application server 7.0.0.29
ibm websphere application server 7.0
ibm websphere application server 7.0.0.15
ibm websphere application server 7.0.0.16
ibm websphere application server 7.0.0.23
ibm websphere application server 7.0.0.24
ibm websphere application server 7.0.0.7
ibm websphere application server 7.0.0.8
ibm websphere application server 7.0.0.9
ibm websphere application server 7.0.0.1
ibm websphere application server 7.0.0.10
ibm websphere application server 7.0.0.17
ibm websphere application server 7.0.0.18
ibm websphere application server 7.0.0.25
ibm websphere application server 7.0.0.27
ibm websphere application server 7.0.0.11
ibm websphere application server 7.0.0.12
ibm websphere application server 7.0.0.19
ibm websphere application server 7.0.0.2
ibm websphere application server 7.0.0.3
ibm websphere application server 7.0.0.4
ibm websphere application server 7.0.0.13
ibm websphere application server 7.0.0.14
ibm websphere application server 7.0.0.21
ibm websphere application server 7.0.0.22
ibm websphere application server 7.0.0.5
ibm websphere application server 7.0.0.6
ibm websphere application server 8.5.0.0
ibm websphere application server 8.5.0.1
ibm websphere application server 8.5.0.2
ibm websphere application server 6.1.0
ibm websphere application server 6.1.0.0
ibm websphere application server 6.1.0.17
ibm websphere application server 6.1.0.19
ibm websphere application server 6.1.0.31
ibm websphere application server 6.1.0.33
ibm websphere application server 6.1.0.5
ibm websphere application server 6.1.0.7
ibm websphere application server 6.1.6
ibm websphere application server 6.1.7
ibm websphere application server 6.1.0.1
ibm websphere application server 6.1.0.11
ibm websphere application server 6.1.0.2
ibm websphere application server 6.1.0.21
ibm websphere application server 6.1.0.35
ibm websphere application server 6.1.0.37
ibm websphere application server 6.1.0.9
ibm websphere application server 6.1.1
ibm websphere application server 6.1.0.12
ibm websphere application server 6.1.0.13
ibm websphere application server 6.1.0.23
ibm websphere application server 6.1.0.25
ibm websphere application server 6.1.0.39
ibm websphere application server 6.1.0.41
ibm websphere application server 6.1.13
ibm websphere application server 6.1.14
ibm websphere application server 6.1
ibm websphere application server 6.1.0.14
ibm websphere application server 6.1.0.15
ibm websphere application server 6.1.0.27
ibm websphere application server 6.1.0.29
ibm websphere application server 6.1.0.3
ibm websphere application server 6.1.0.43
ibm websphere application server 6.1.0.45
ibm websphere application server 6.1.3
ibm websphere application server 6.1.5

CWE-352 http://www-01.ibm.com/support/docview.wss?uid=swg1PM88746 http://www-01.ibm.com/support/docview.wss?uid=swg21644047 https://exchange.xforce.ibmcloud.com/vulnerabilities/84591 https://nvd.nist.gov

Get Started

CVE-2013-3029

Vulnerability Summary

References

Vulmon Search

About

Products

Connect