CVE-2016-2901

Published: Jun 26, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected (2)

Products: Ibm: Websphere Portal, Web Content Manager

2 products

Websphere Portal

Web Content Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Portal	Version 8.5.0.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Web Content Manager	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21983974

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securitytracker.com/id/1036143

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21983974

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1036143

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.