CVE-2010-0785 : Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS)

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published 2010-11-09 21:00:03

Updated 2017-08-17 01:32:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Threat overview for CVE-2010-0785

Top countries where our scanners detected CVE-2010-0785

Top open port discovered on systems with this issue 9080

IPs affected by CVE-2010-0785 1,282

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2010-0785!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2010-0785

Probability of exploitation activity in the next 30 days: 0.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 56 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-0785

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-0785

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0785

http://www.securityfocus.com/bid/43875

IBM WebSphere Application Server Unspecified Cross Site Request Forgery Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874

IBM PM23874: SHIP APAR FIXES FOR H28W700 FIX PACK 7.0.0.13.
http://www.vupen.com/english/advisories/2010/2595

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909

IBM notice: The page you requested cannot be displayed
http://www-01.ibm.com/support/docview.wss?uid=swg27004980

Recommended updates for WebSphere Application Server

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/62949

WebSphere Application Server Administrative Console cross-site request forgery CVE-2010-0785 Vulnerability Report

Products affected by CVE-2010-0785

IBM » Websphere Application Server » Version: 6.1.0.0
cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0
cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.1
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.2
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.3
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.5
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.7
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.9
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1
cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.11
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.12
cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.15
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.17
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.21
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.19
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0
cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.1
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.23
cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.4
cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.3
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.25
cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.6
cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.5
cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.2
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.27
cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.7
cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.8
cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.29
cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.31
cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.9
cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 6.1.0.33
cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.11
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Application Server » Version: 7.0.0.13
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*
Matching versions

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!