Date: 2016-10-21
IBM Websphere Application Server 7.0.0.0 Obtain Information CSRF Vulnerability
22 Feb. 2017
Summary
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Vulnerable Systems:
* IBM Websphere Application Server 7.0.0.0
* IBM Websphere Application Server 7.0.0.1
* IBM Websphere Application Server 7.0.0.2
* IBM Websphere Application Server 7.0.0.3
* IBM Websphere Application Server 7.0.0.4
* IBM Websphere Application Server 7.0.0.5
* IBM Websphere Application Server 7.0.0.6
* IBM Websphere Application Server 7.0.0.7
* IBM Websphere Application Server 7.0.0.8
* IBM Websphere Application Server 7.0.0.9
* IBM Websphere Application Server 7.0.0.10
* IBM Websphere Application Server 7.0.0.11
* IBM Websphere Application Server 7.0.0.12
* IBM Websphere Application Server 7.0.0.13
* IBM Websphere Application Server 7.0.0.14
* IBM Websphere Application Server 7.0.0.15
* IBM Websphere Application Server 7.0.0.16
* IBM Websphere Application Server 7.0.0.17
* IBM Websphere Application Server 7.0.0.18
* IBM Websphere Application Server 7.0.0.19
* IBM Websphere Application Server 7.0.0.21
* IBM Websphere Application Server 7.0.0.22
* IBM Websphere Application Server 7.0.0.23
* IBM Websphere Application Server 7.0.0.24
* IBM Websphere Application Server 7.0.0.25
* IBM Websphere Application Server 7.0.0.27
* IBM Websphere Application Server 7.0.0.28
* IBM Websphere Application Server 7.0.0.29
* IBM Websphere Application Server 7.0.0.31
* IBM Websphere Application Server 7.0.0.32
* IBM Websphere Application Server 7.0.0.33
* IBM Websphere Application Server 7.0.0.34
* IBM Websphere Application Server 7.0.0.35
* IBM Websphere Application Server 7.0.0.36
* IBM Websphere Application Server 7.0.0.37
* IBM Websphere Application Server 7.0.0.38
* IBM Websphere Application Server 7.0.0.39
* IBM Websphere Application Server 7.0.0.40
* IBM Websphere Application Server 7.0.0.41
* IBM Websphere Application Server 7.0.0.42
* IBM Websphere Application Server 8.0.0.0
* IBM Websphere Application Server 8.0.0.1
* IBM Websphere Application Server 8.0.0.2
* IBM Websphere Application Server 8.0.0.3
* IBM Websphere Application Server 8.0.0.4
* IBM Websphere Application Server 8.0.0.5
* IBM Websphere Application Server 8.0.0.6
* IBM Websphere Application Server 8.0.0.7
* IBM Websphere Application Server 8.0.0.8
* IBM Websphere Application Server 8.0.0.9
* IBM Websphere Application Server 8.0.0.10
* IBM Websphere Application Server 8.0.0.11
* IBM Websphere Application Server 8.0.0.12
* IBM Websphere Application Server 8.5.0.0
* IBM Websphere Application Server 8.5.0.1
* IBM Websphere Application Server 8.5.0.2
* IBM Websphere Application Server 8.5.5.0
* IBM Websphere Application Server 8.5.5.1
* IBM Websphere Application Server 8.5.5.2
* IBM Websphere Application Server 8.5.5.3
* IBM Websphere Application Server 8.5.5.4
* IBM Websphere Application Server 8.5.5.5
* IBM Websphere Application Server 8.5.5.6
* IBM Websphere Application Server 8.5.5.7
* IBM Websphere Application Server 8.5.5.8
* IBM Websphere Application Server 8.5.5.9
IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information because of the improper setting of a CSRFtoken cookie.