CVE-2016-0377

Sažetak

The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Reference

http://www.securityfocus.com/bid/92514
http://www.securitytracker.com/id/1036653
http://www-01.ibm.com/support/docview.wss?uid=swg1PI56917
http://www-01.ibm.com/support/docview.wss?uid=swg21980645

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

16-08-2017 - 01:29

Objavljeno

22-10-2016 - 03:59