Lucene search
MitreCVE-2010-3271HistoryJul 18, 2011 - 10:55 p.m.
CVE-2010-3271
2011-07-1822:55:00
CWE-352
mitre
web.nvd.nist.gov
30
ibm
websphere
app server
csrf
vulnerability
cve-2010-3271
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
75.1%
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
Affected configurations
Node
ibmwebsphere_application_serverRange≤7.0.0.13
ORibmwebsphere_application_serverMatch2.0
ORibmwebsphere_application_serverMatch3.0
ORibmwebsphere_application_serverMatch3.0.2
ORibmwebsphere_application_serverMatch3.0.2.1
ORibmwebsphere_application_serverMatch3.0.2.2
ORibmwebsphere_application_serverMatch3.0.2.3
ORibmwebsphere_application_serverMatch3.0.2.4
ORibmwebsphere_application_serverMatch3.0.21
ORibmwebsphere_application_serverMatch3.5
ORibmwebsphere_application_serverMatch3.5.1
ORibmwebsphere_application_serverMatch3.5.2
ORibmwebsphere_application_serverMatch3.5.3
ORibmwebsphere_application_serverMatch3.52
ORibmwebsphere_application_serverMatch4.0.1
ORibmwebsphere_application_serverMatch4.0.2
ORibmwebsphere_application_serverMatch4.0.3
ORibmwebsphere_application_serverMatch4.0.4
ORibmwebsphere_application_serverMatch5.0
ORibmwebsphere_application_serverMatch5.0.0
ORibmwebsphere_application_serverMatch5.0.1
ORibmwebsphere_application_serverMatch5.0.2
ORibmwebsphere_application_serverMatch5.0.2.1
ORibmwebsphere_application_serverMatch5.0.2.2
ORibmwebsphere_application_serverMatch5.0.2.3
ORibmwebsphere_application_serverMatch5.0.2.4
ORibmwebsphere_application_serverMatch5.0.2.5
ORibmwebsphere_application_serverMatch5.0.2.6
ORibmwebsphere_application_serverMatch5.0.2.7
ORibmwebsphere_application_serverMatch5.0.2.8
ORibmwebsphere_application_serverMatch5.0.2.9
ORibmwebsphere_application_serverMatch5.0.2.10
ORibmwebsphere_application_serverMatch5.0.2.11
ORibmwebsphere_application_serverMatch5.0.2.12
ORibmwebsphere_application_serverMatch5.0.2.13
ORibmwebsphere_application_serverMatch5.0.2.14
ORibmwebsphere_application_serverMatch5.0.2.15
ORibmwebsphere_application_serverMatch5.0.2.16
ORibmwebsphere_application_serverMatch5.1.0
ORibmwebsphere_application_serverMatch5.1.0.2
ORibmwebsphere_application_serverMatch5.1.0.3
ORibmwebsphere_application_serverMatch5.1.0.4
ORibmwebsphere_application_serverMatch5.1.0.5
ORibmwebsphere_application_serverMatch5.1.1
ORibmwebsphere_application_serverMatch5.1.1.1
ORibmwebsphere_application_serverMatch5.1.1.2
ORibmwebsphere_application_serverMatch5.1.1.3
ORibmwebsphere_application_serverMatch5.1.1.4
ORibmwebsphere_application_serverMatch5.1.1.5
ORibmwebsphere_application_serverMatch5.1.1.6
ORibmwebsphere_application_serverMatch5.1.1.7
ORibmwebsphere_application_serverMatch5.1.1.8
ORibmwebsphere_application_serverMatch5.1.1.9
ORibmwebsphere_application_serverMatch5.1.1.10
ORibmwebsphere_application_serverMatch5.1.1.11
ORibmwebsphere_application_serverMatch5.1.1.12
ORibmwebsphere_application_serverMatch5.1.1.13
ORibmwebsphere_application_serverMatch5.1.1.14
ORibmwebsphere_application_serverMatch5.1.1.15
ORibmwebsphere_application_serverMatch5.1.1.16
ORibmwebsphere_application_serverMatch5.1.1.17
ORibmwebsphere_application_serverMatch6.0
ORibmwebsphere_application_serverMatch6.0.0.1
ORibmwebsphere_application_serverMatch6.0.0.2
ORibmwebsphere_application_serverMatch6.0.0.3
ORibmwebsphere_application_serverMatch6.0.1
ORibmwebsphere_application_serverMatch6.0.1.1
ORibmwebsphere_application_serverMatch6.0.1.2
ORibmwebsphere_application_serverMatch6.0.1.3
ORibmwebsphere_application_serverMatch6.0.1.5
ORibmwebsphere_application_serverMatch6.0.1.7
ORibmwebsphere_application_serverMatch6.0.1.9
ORibmwebsphere_application_serverMatch6.0.1.11
ORibmwebsphere_application_serverMatch6.0.1.13
ORibmwebsphere_application_serverMatch6.0.1.15
ORibmwebsphere_application_serverMatch6.0.1.17
ORibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.2
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.4
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.6
ORibmwebsphere_application_serverMatch6.0.2.7
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.22
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.24
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
ORibmwebsphere_application_serverMatch6.0.2.28
ORibmwebsphere_application_serverMatch6.0.2.29
ORibmwebsphere_application_serverMatch6.0.2.30
ORibmwebsphere_application_serverMatch6.0.2.31
ORibmwebsphere_application_serverMatch6.0.2.32
ORibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.0.25
ORibmwebsphere_application_serverMatch6.1.0.27
ORibmwebsphere_application_serverMatch6.1.0.29
ORibmwebsphere_application_serverMatch6.1.0.31
ORibmwebsphere_application_serverMatch6.1.0.33
ORibmwebsphere_application_serverMatch6.1.1
ORibmwebsphere_application_serverMatch6.1.3
ORibmwebsphere_application_serverMatch6.1.5
ORibmwebsphere_application_serverMatch6.1.6
ORibmwebsphere_application_serverMatch6.1.7
ORibmwebsphere_application_serverMatch6.1.13
ORibmwebsphere_application_serverMatch6.1.14
ORibmwebsphere_application_serverMatch7.0
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.2
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.4
ORibmwebsphere_application_serverMatch7.0.0.5
ORibmwebsphere_application_serverMatch7.0.0.6
ORibmwebsphere_application_serverMatch7.0.0.7
ORibmwebsphere_application_serverMatch7.0.0.8
ORibmwebsphere_application_serverMatch7.0.0.9
ORibmwebsphere_application_serverMatch7.0.0.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | * | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 2.0 | cpe:2.3:a:ibm:websphere_application_server:2.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0 | cpe:2.3:a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2 | cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.2 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.4 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.21 | cpe:2.3:a:ibm:websphere_application_server:3.0.21:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.5 | cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
CORE-2010-1021: IBM WebSphere Application Server Cross-Site Request Forgery
2011-06-19 00:00:00
IBM WebSphere crossite request forgery
2011-06-19 00:00:00
zdt
zdt
IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability
2011-06-15 00:00:00
exploitpack
exploitpack
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery
2011-06-15 00:00:00
nvd
nvd
CVE-2010-3271
2011-07-18 22:55:00
packetstorm
packetstorm
Core Security Technologies Advisory 2010.1021
2011-06-16 00:00:00
seebug
seebug
IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability
2011-06-16 00:00:00
openvas
openvas
IBM WebSphere Application Server Multiple CSRF Vulnerabilities
2011-07-22 00:00:00
IBM WebSphere Application Server Multiple CSRF Vulnerabilities
2011-07-22 00:00:00
cvelist
cvelist
CVE-2010-3271
2011-07-18 22:00:00
exploitdb
exploitdb
IBM Websphere Application Server 7.0.0.13 - Cross-Site Request Forgery
2011-06-15 00:00:00
prion
prion
Cross site request forgery (csrf)
2011-07-18 22:55:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
75.1%
Related for CVE-2010-3271