CVE-2014-6214

Published: Mar 13, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected (3)

Products: Ibm: Websphere Portal

Ibm

1 product

Websphere Portal

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Portal	Version 8.0.0.0
Ibm Websphere Portal	Version 8.0.0.1
Ibm Websphere Portal	Version 8.5.0.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21697213

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securitytracker.com/id/1031880

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1PI34987

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21697213

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securitytracker.com/id/1031880

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.