Vulnerability Name:

CVE-2010-3271 (CCN-68069)

Assigned:2010-09-09
Published:2011-06-15
Updated:2018-10-10
Summary:Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.1 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-352
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-3271

Source: CCN
Type: SA44909
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability

Source: CCN
Type: SA46154
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability

Source: SREASON
Type: UNKNOWN
8281

Source: CCN
Type: IBM Web site
Websphere Application Server

Source: CCN
Type: IBM APAR PM36734
SHIP APAR FIXES FOR H28W700 FIX PACK 7.0.0.19.

Source: CCN
Type: CORE-2010-1021
IBM WebSphere Application Server Cross-Site Request Forgery

Source: MISC
Type: Exploit
http://www.coresecurity.com/content/IBM-WebSphere-CSRF

Source: EXPLOIT-DB
Type: Exploit
17404

Source: CCN
Type: OSVDB ID: 73052
IBM WebSphere Application Server Admin Security Disable CSRF

Source: BUGTRAQ
Type: UNKNOWN
20110615 CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery

Source: BID
Type: UNKNOWN
48305

Source: CCN
Type: BID-48305
IBM WebSphere Application Server Administration Console Cross Site Request Forgery Vulnerability

Source: CCN
Type: BID-49766
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability

Source: XF
Type: UNKNOWN
was-admin-con-csrf(68069)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:websphere_application_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:3.52:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:5.1.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version <= 7.0.0.13)

  • Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    ibm websphere application server 2.0
    ibm websphere application server 3.0
    ibm websphere application server 3.0.2
    ibm websphere application server 3.0.2.1
    ibm websphere application server 3.0.2.2
    ibm websphere application server 3.0.2.3
    ibm websphere application server 3.0.2.4
    ibm websphere application server 3.0.21
    ibm websphere application server 3.5
    ibm websphere application server 3.5.1
    ibm websphere application server 3.5.2
    ibm websphere application server 3.5.3
    ibm websphere application server 3.52
    ibm websphere application server 4.0.1
    ibm websphere application server 4.0.2
    ibm websphere application server 4.0.3
    ibm websphere application server 4.0.4
    ibm websphere application server 5.0
    ibm websphere application server 5.0.0
    ibm websphere application server 5.0.1
    ibm websphere application server 5.0.2
    ibm websphere application server 5.0.2.1
    ibm websphere application server 5.0.2.2
    ibm websphere application server 5.0.2.3
    ibm websphere application server 5.0.2.4
    ibm websphere application server 5.0.2.5
    ibm websphere application server 5.0.2.6
    ibm websphere application server 5.0.2.7
    ibm websphere application server 5.0.2.8
    ibm websphere application server 5.0.2.9
    ibm websphere application server 5.0.2.10
    ibm websphere application server 5.0.2.11
    ibm websphere application server 5.0.2.12
    ibm websphere application server 5.0.2.13
    ibm websphere application server 5.0.2.14
    ibm websphere application server 5.0.2.15
    ibm websphere application server 5.0.2.16
    ibm websphere application server 5.1.0
    ibm websphere application server 5.1.0.2
    ibm websphere application server 5.1.0.3
    ibm websphere application server 5.1.0.4
    ibm websphere application server 5.1.0.5
    ibm websphere application server 5.1.1
    ibm websphere application server 5.1.1.1
    ibm websphere application server 5.1.1.2
    ibm websphere application server 5.1.1.3
    ibm websphere application server 5.1.1.4
    ibm websphere application server 5.1.1.5
    ibm websphere application server 5.1.1.6
    ibm websphere application server 5.1.1.7
    ibm websphere application server 5.1.1.8
    ibm websphere application server 5.1.1.9
    ibm websphere application server 5.1.1.10
    ibm websphere application server 5.1.1.11
    ibm websphere application server 5.1.1.12
    ibm websphere application server 5.1.1.13
    ibm websphere application server 5.1.1.14
    ibm websphere application server 5.1.1.15
    ibm websphere application server 5.1.1.16
    ibm websphere application server 5.1.1.17
    ibm websphere application server 6.0
    ibm websphere application server 6.0.0.1
    ibm websphere application server 6.0.0.2
    ibm websphere application server 6.0.0.3
    ibm websphere application server 6.0.1
    ibm websphere application server 6.0.1.1
    ibm websphere application server 6.0.1.2
    ibm websphere application server 6.0.1.3
    ibm websphere application server 6.0.1.5
    ibm websphere application server 6.0.1.7
    ibm websphere application server 6.0.1.9
    ibm websphere application server 6.0.1.11
    ibm websphere application server 6.0.1.13
    ibm websphere application server 6.0.1.15
    ibm websphere application server 6.0.1.17
    ibm websphere application server 6.0.2
    ibm websphere application server 6.0.2.1
    ibm websphere application server 6.0.2.2
    ibm websphere application server 6.0.2.3
    ibm websphere application server 6.0.2.4
    ibm websphere application server 6.0.2.5
    ibm websphere application server 6.0.2.6
    ibm websphere application server 6.0.2.7
    ibm websphere application server 6.0.2.9
    ibm websphere application server 6.0.2.11
    ibm websphere application server 6.0.2.13
    ibm websphere application server 6.0.2.15
    ibm websphere application server 6.0.2.17
    ibm websphere application server 6.0.2.19
    ibm websphere application server 6.0.2.22
    ibm websphere application server 6.0.2.23
    ibm websphere application server 6.0.2.24
    ibm websphere application server 6.0.2.25
    ibm websphere application server 6.0.2.27
    ibm websphere application server 6.0.2.28
    ibm websphere application server 6.0.2.29
    ibm websphere application server 6.0.2.30
    ibm websphere application server 6.0.2.31
    ibm websphere application server 6.0.2.32
    ibm websphere application server 6.1
    ibm websphere application server 6.1.0
    ibm websphere application server 6.1.0.0
    ibm websphere application server 6.1.0.1
    ibm websphere application server 6.1.0.2
    ibm websphere application server 6.1.0.3
    ibm websphere application server 6.1.0.5
    ibm websphere application server 6.1.0.7
    ibm websphere application server 6.1.0.9
    ibm websphere application server 6.1.0.11
    ibm websphere application server 6.1.0.12
    ibm websphere application server 6.1.0.15
    ibm websphere application server 6.1.0.17
    ibm websphere application server 6.1.0.19
    ibm websphere application server 6.1.0.21
    ibm websphere application server 6.1.0.23
    ibm websphere application server 6.1.0.25
    ibm websphere application server 6.1.0.27
    ibm websphere application server 6.1.0.29
    ibm websphere application server 6.1.0.31
    ibm websphere application server 6.1.0.33
    ibm websphere application server 6.1.1
    ibm websphere application server 6.1.3
    ibm websphere application server 6.1.5
    ibm websphere application server 6.1.6
    ibm websphere application server 6.1.7
    ibm websphere application server 6.1.13
    ibm websphere application server 6.1.14
    ibm websphere application server 7.0
    ibm websphere application server 7.0.0.1
    ibm websphere application server 7.0.0.2
    ibm websphere application server 7.0.0.3
    ibm websphere application server 7.0.0.4
    ibm websphere application server 7.0.0.5
    ibm websphere application server 7.0.0.6
    ibm websphere application server 7.0.0.7
    ibm websphere application server 7.0.0.8
    ibm websphere application server 7.0.0.9
    ibm websphere application server 7.0.0.11
    ibm websphere application server *
    ibm websphere application server 7.0