Vulnerability Name: CVE-2015-2026 (CCN-104054)
Assigned: 2015-09-08
Published: 2015-09-08
Updated: 2015-10-05
Summary: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVSS v3 Severity:
- 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
- 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
- 5.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
- 3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-352
Vulnerability Consequences: Gain Access
References:
- Source: MITRE Type: CNA CVE-2015-2026
- Source: AIXAPAR Type: Patch, Vendor Advisory PI44098
- Source: AIXAPAR Type: Patch, Vendor Advisory PI44105
- Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21966044
- Source: CCN Type: IBM Security Bulletin 1966044: The WebSphere eXtreme Scale 7.1.0 and 7.1.1 monitoring console lacks protection for various vulnerabilities. (CVE-2015-2025 CVE-2015-2026 CVE-2015-2027 CVE-2015-2028 CVE-2015-2029 CVE-2015-2030 CVE-2015-2031)
- Source: CCN Type: IBM Security Bulletin 1966045: The WebSphere eXtreme Scale 8.5 and 8.6 monitoring console lacks protection for various vulnerabilities. (CVE-2015-2025 CVE-2015-2026 CVE-2015-2027 CVE-2015-2029 CVE-2015-2030)
- Source: XF Type: UNKNOWN ibm-websphere-cve20152026-csrf(104054)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable