CVE-2007-5799Cross-Site Request Forgery in IBM Websphere Application Server

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 56.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedNov 3
Latest updateMay 1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-p79r-6c8h-57c9: Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree2022-05-01
CVEList
CVE-2007-5799: Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree2007-11-03
CVE-2007-5799 — Cross-Site Request Forgery in IBM | cvebase