CVE Vulnerability

CVE-2007-5799

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245
http://secunia.com/advisories/27448 Vendor Advisory
http://www.securityfocus.com/bid/26276
http://www.securitytracker.com/id?1018884
http://osvdb.org/41619
https://exchange.xforce.ibmcloud.com/vulnerabilities/38179
Configurations

Configuration 1

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
Information

Published : 2007-11-03 12:46

Updated : 2017-07-29 01:33

NVD link : CVE-2007-5799

Mitre link : CVE-2007-5799

Products Affected
No products.
CWE
CWE-352