CVE-2009-2746

Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
6.0.2
ibmwebsphere_application_server
6.0.2.1
ibmwebsphere_application_server
6.0.2.2
ibmwebsphere_application_server
6.0.2.3
ibmwebsphere_application_server
6.0.2.4
ibmwebsphere_application_server
6.0.2.5
ibmwebsphere_application_server
6.0.2.6
ibmwebsphere_application_server
6.0.2.7
ibmwebsphere_application_server
6.0.2.8
ibmwebsphere_application_server
6.0.2.9
ibmwebsphere_application_server
6.0.2.10
ibmwebsphere_application_server
6.0.2.11
ibmwebsphere_application_server
6.0.2.12
ibmwebsphere_application_server
6.0.2.13
ibmwebsphere_application_server
6.0.2.14
ibmwebsphere_application_server
6.0.2.15
ibmwebsphere_application_server
6.0.2.16
ibmwebsphere_application_server
6.0.2.17
ibmwebsphere_application_server
6.0.2.18
ibmwebsphere_application_server
6.0.2.19
ibmwebsphere_application_server
6.0.2.20
ibmwebsphere_application_server
6.0.2.21
ibmwebsphere_application_server
6.0.2.22
ibmwebsphere_application_server
6.0.2.23
ibmwebsphere_application_server
6.0.2.24
ibmwebsphere_application_server
6.0.2.25
ibmwebsphere_application_server
6.0.2.27
ibmwebsphere_application_server
6.0.2.28
ibmwebsphere_application_server
6.0.2.29
ibmwebsphere_application_server
6.0.2.30
ibmwebsphere_application_server
6.0.2.31
ibmwebsphere_application_server
6.0.2.32
ibmwebsphere_application_server
6.0.2.33
ibmwebsphere_application_server
6.0.2.35
ibmwebsphere_application_server
6.0.2.37
ibmwebsphere_application_server
6.1.0
ibmwebsphere_application_server
6.1.0.0
ibmwebsphere_application_server
6.1.0.1
ibmwebsphere_application_server
6.1.0.2
ibmwebsphere_application_server
6.1.0.3
ibmwebsphere_application_server
6.1.0.5
ibmwebsphere_application_server
6.1.0.7
ibmwebsphere_application_server
6.1.0.9
ibmwebsphere_application_server
6.1.0.11
ibmwebsphere_application_server
6.1.0.12
ibmwebsphere_application_server
6.1.0.13
ibmwebsphere_application_server
6.1.0.15
ibmwebsphere_application_server
6.1.0.17
ibmwebsphere_application_server
6.1.0.19
ibmwebsphere_application_server
6.1.0.21
ibmwebsphere_application_server
6.1.0.23
ibmwebsphere_application_server
6.1.0.25
ibmwebsphere_application_server
6.1.0.27
ibmwebsphere_application_server
7.0
ibmwebsphere_application_server
7.0.0.1
ibmwebsphere_application_server
7.0.0.3
ibmwebsphere_application_server
7.0.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/37221
http://www-01.ibm.com/support/docview.wss?uid=swg1PK87176
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
https://exchange.xforce.ibmcloud.com/vulnerabilities/54227
http://secunia.com/advisories/37221
http://www-01.ibm.com/support/docview.wss?uid=swg1PK87176
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
https://exchange.xforce.ibmcloud.com/vulnerabilities/54227