CVE-2016-0377

Опубликовано: 22 окт. 2016

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1PI56917
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21980645
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92514
http://www.securitytracker.com/id/1036653
http://www-01.ibm.com/support/docview.wss?uid=swg1PI56917
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21980645
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92514
http://www.securitytracker.com/id/1036653

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.28:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.39:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.40:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.41:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.42:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00232

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-q723-9g7p-28r9