CVE-2017-1194 Cross-site request forgery in WAS
IBM Support recently notified us of CVE-2017-1194, a cross-site request forgery vulnerability in WebSphere Application Server (WAS); the details are recorded below for reference.
CVE-2017-1194
CVE link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1194
CVE Description: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
CVE Report: https://exchange.xforce.ibmcloud.com/vulnerabilities/123669
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
Liberty
Version 9.0
Version 8.5
Version 8.0
Version 7.0
As described in the IBM Support bulletin, the remediations/fixes for each version are:
Option 1: Upgrade to the minimal fix pack level required by the interim fix and then apply Interim Fix PI77770
or
Option 2: Upgrade to latest fixpack on each version of WebSphere Application Server.
Apply Fix Pack 9.0.0.4 or later (targeted availability 23 June 2017)
Apply Fix Pack 8.5.5.12 or later (targeted availability 04 August 2017)
Apply Fix Pack 8.0.0.14 or later (targeted availability 16 October 2017)
Apply Fix Pack 7.0.0.45 or later (targeted availability 2Q 2018)
Note that these fix pack levels apply to the traditional (full profile) releases; Liberty is also listed as affected, so check the IBM Support bulletin for the corresponding Liberty fix level.
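To decide which of the two options still applies to a given server, the installed fix pack level has to be compared against the levels listed above, and the interim fix list has to be checked for PI77770. The following shell script is an added example (not IBM's code and not part of the original post). It assumes the "Version x.y.z.w" line format printed by <WAS_HOME>/bin/versionInfo.sh and assumes installed interim fixes are available as a space-separated list of PIxxxxx identifiers (on a real host, feed it the output of versionInfo.sh and of the interim fix listing); the embedded versionInfo output is constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example (not IBM's code): classify a traditional WebSphere
# Application Server install against the CVE-2017-1194 fix levels
# quoted from the IBM bulletin above.

# Minimum fix pack per release line, taken from the bulletin.
# Liberty is affected too, but the bulletin excerpt above gives no
# Liberty fix pack level, so anything else reports "unknown".
fixed_level_for() {
    case "$1" in
        9.0.*) echo 9.0.0.4 ;;
        8.5.*) echo 8.5.5.12 ;;
        8.0.*) echo 8.0.0.14 ;;
        7.0.*) echo 7.0.0.45 ;;
        *)     echo "" ;;
    esac
}

# Numeric compare of two four-part dotted versions (so 8.5.5.9 < 8.5.5.12).
# Returns 0 when $1 >= $2, 1 otherwise.
version_ge() {
    v1="$1"; v2="$2"
    i=1
    while [ "$i" -le 4 ]; do
        a=$(printf '%s' "$v1" | cut -d. -f"$i")
        b=$(printf '%s' "$v2" | cut -d. -f"$i")
        a=${a:-0}; b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# was_cve_2017_1194_status VERSION "IFIX IFIX ..."
# Prints "fixed" (Option 1 or Option 2 satisfied), "vulnerable"
# (affected release line below the fix pack level and no PI77770),
# or "unknown" (release line not covered by the list above).
was_cve_2017_1194_status() {
    version="$1"; ifixes="$2"
    case " $ifixes " in
        *" PI77770 "*) echo fixed; return 0 ;;   # Option 1 applied
    esac
    need=$(fixed_level_for "$version")
    if [ -z "$need" ]; then echo unknown; return 0; fi
    if version_ge "$version" "$need"; then echo fixed; return 0; fi  # Option 2
    echo vulnerable
    return 0
}

# Pull the product version out of versionInfo.sh-style output
# (first "Version" line of the Installed Product block).
version_from_versioninfo() {
    printf '%s\n' "$1" | awk '$1 == "Version" { print $2; exit }'
}

# Constructed sample output in the versionInfo.sh layout (not from a real host).
SAMPLE_VERSIONINFO='Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server
Version               8.5.5.9
ID                    BASE
Build Level           cf091614.02
Build Date            4/14/16
Architecture          x86-64 (64 bit)
Installed Features    WebSphere Application Server Full Profile'

# Constructed interim fix list for the sample host (no PI77770 present).
SAMPLE_IFIXES="PI12345 PI67890"

main() {
    v=$(version_from_versioninfo "$SAMPLE_VERSIONINFO")
    status=$(was_cve_2017_1194_status "$v" "$SAMPLE_IFIXES")
    echo "WAS $v with ifixes [$SAMPLE_IFIXES]: $status"
}

main "$@"
```

Against the sample data the script reports 8.5.5.9 as vulnerable, because it is below 8.5.5.12 and PI77770 is not installed; the same host with PI77770 in its interim fix list, or upgraded to 8.5.5.12 or later, reports fixed. The comparison is numeric per component on purpose: a plain string comparison would wrongly rank 8.5.5.9 above 8.5.5.12.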
