CVE-2014-3058

Published: Dec 11, 2014Modified: May 6, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected (2)

Products: Ibm: Websphere Datapower Xc10 Appliance Firmware

Ibm

1 product

Websphere Datapower Xc10 Appliance Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Datapower Xc10 Appliance Firmware	Version 2.1.0.0
Ibm Websphere Datapower Xc10 Appliance Firmware	Version 2.5.0.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21691035

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/93532

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1IT04614

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21691035

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/93532

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.