CVE-2015-2026

Опубликовано: 04 окт. 2015

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21966044
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21966044
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00101

Низкий

6 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-7753-jvjf-pfjp

github

больше 3 лет назад