CVE-2014-4816

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.x through 6.1.0.47 IBM WebSphere Application Server versions 7.0 through 7.0.0.34 IBM WebSphere Application Server versions 8.0 through 8.0.0.9 IBM WebSphere Application Server versions 8.5 through 8.5.5.3

Description A cross-site request forgery (CSRF) issue in the Administrative Console allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Recommendations For versions 6.x through 6.1.0.47, update to a version after 6.1.0.47. For versions 7.0 through 7.0.0.34, update to version 7.0.0.35 or later. For versions 8.0 through 8.0.0.9, update to version 8.0.0.10 or later. For versions 8.5 through 8.5.5.3, update to version 8.5.5.4 or later.