Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2010-3271 — Cross-Site Request Forgery in IBM Websphere Application Server
Severity
6.8 MEDIUM (NVD)
EPSS
0.6%
top 30.27%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jul 18
Latest update: May 14
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.
CVSS vector
AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4
Affected Packages: 1 package
Vulnerability Details (2)
GHSA
GHSA-g9g3-hphr-q46f: Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Applicati… (2022-05-14)
CVEList
CVE-2010-3271: Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Applicati… (2011-07-18)