CVE-2013-3029

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server (WAS) versions 6.1 before 6.1.0.47 IBM WebSphere Application Server (WAS) versions 7.0 before 7.0.0.31 IBM WebSphere Application Server (WAS) versions 8.0 before 8.0.0.7 IBM WebSphere Application Server (WAS) versions 8.5 before 8.5.5.1

Description A cross-site request forgery (CSRF) issue in the Administrative console of IBM WebSphere Application Server allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences.

Recommendations For IBM WebSphere Application Server (WAS) version 6.1, update to 6.1.0.47 or later. For IBM WebSphere Application Server (WAS) version 7.0, update to 7.0.0.31 or later. For IBM WebSphere Application Server (WAS) version 8.0, update to 8.0.0.7 or later. For IBM WebSphere Application Server (WAS) version 8.5, update to 8.5.5.1 or later.