Published: 22/10/2016 Updated: 16/08/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The Administrative Console in IBM WebSphere Application Server (WAS) 7.x prior to 7.0.0.43, 8.0.x prior to 8.0.0.13, and 8.5.x prior to 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere application server 7.0.0.40
ibm websphere application server 8.5.5.9
ibm websphere application server 8.5.5.1
ibm websphere application server 8.5.5.0
ibm websphere application server 8.0.0.2
ibm websphere application server 8.0.0.3
ibm websphere application server 8.0.0.1
ibm websphere application server 8.0.0.0
ibm websphere application server 7.0.0.16
ibm websphere application server 7.0.0.17
ibm websphere application server 7.0.0.24
ibm websphere application server 7.0.0.25
ibm websphere application server 7.0.0.33
ibm websphere application server 7.0.0.34
ibm websphere application server 7.0.0.6
ibm websphere application server 7.0.0.7
ibm websphere application server 8.5.5.6
ibm websphere application server 8.5.5.5
ibm websphere application server 7.0.0.42
ibm websphere application server 7.0.0.41
ibm websphere application server 8.5.5.4
ibm websphere application server 8.5.5.3
ibm websphere application server 8.5.5.2
ibm websphere application server 8.0.0.11
ibm websphere application server 8.0.0.12
ibm websphere application server 8.0.0.8
ibm websphere application server 8.0.0.9
ibm websphere application server 7.0.0.14
ibm websphere application server 7.0.0.15
ibm websphere application server 7.0.0.22
ibm websphere application server 7.0.0.23
ibm websphere application server 7.0.0.31
ibm websphere application server 7.0.0.32
ibm websphere application server 7.0.0.4
ibm websphere application server 7.0.0.5
ibm websphere application server 8.5.0.0
ibm websphere application server 8.0.0.10
ibm websphere application server 8.0.0.6
ibm websphere application server 8.0.0.7
ibm websphere application server 7.0.0.11
ibm websphere application server 7.0.0.12
ibm websphere application server 7.0.0.13
ibm websphere application server 7.0.0.2
ibm websphere application server 7.0.0.21
ibm websphere application server 7.0.0.29
ibm websphere application server 7.0.0.3
ibm websphere application server 7.0.0.37
ibm websphere application server 7.0.0.38
ibm websphere application server 7.0.0.39
ibm websphere application server 7.0.0.0
ibm websphere application server 8.5.5.8
ibm websphere application server 8.5.5.7
ibm websphere application server 8.5.0.2
ibm websphere application server 8.5.0.1
ibm websphere application server 8.0.0.4
ibm websphere application server 8.0.0.5
ibm websphere application server 7.0.0.1
ibm websphere application server 7.0.0.10
ibm websphere application server 7.0.0.18
ibm websphere application server 7.0.0.19
ibm websphere application server 7.0.0.27
ibm websphere application server 7.0.0.28
ibm websphere application server 7.0.0.35
ibm websphere application server 7.0.0.36
ibm websphere application server 7.0.0.8
ibm websphere application server 7.0.0.9

CWE-200 http://www-01.ibm.com/support/docview.wss?uid=swg21980645 http://www-01.ibm.com/support/docview.wss?uid=swg1PI56917 http://www.securityfocus.com/bid/92514 http://www.securitytracker.com/id/1036653 https://nvd.nist.gov

CVE-2016-0377

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect