CVE-2010-3271

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0.0.13 and earlier

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console of IBM WebSphere Application Server. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, specifically those that disable certain security options. This can be achieved via an Edit action to "console/adminSecurityDetail.do" followed by a save action to "console/syncworkspace.do".

Recommendations For IBM WebSphere Application Server versions 7.0.0.13 and earlier, consider disabling access to the "console/adminSecurityDetail.do" and "console/syncworkspace.do" endpoints until a fix is available. Restrict the use of the administrative console to minimize the risk of exploitation.