CVE-2016-2901

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 8.5 CF08 through 8.5 CF10 IBM Web Content Manager (affected versions not specified)

Description A cross-site request forgery (CSRF) issue exists in the PA Theme Creator application, allowing remote attackers to hijack user authentication for requests that insert XSS sequences.

Recommendations For IBM WebSphere Portal versions 8.5 CF08 through 8.5 CF10, update to a version that includes a fix for this issue. For IBM Web Content Manager, at the moment, there is no information about a newer version that contains a fix for this issue.