IBM WebSphere Commerce is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker might send a malformed HTTP request. An attacker might use this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
CVE(s): CVE-2016-2863
Affected product(s) and affected version(s):
WebSphere Commerce version 8.0.1.0 – 8.0.1.1
WebSphere Commerce version 8.0.0.0 – 8.0.0.9
WebSphere Commerce version 7 Feature Pack 8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/297OnEw
X-Force Database: http://ift.tt/298BQgL
from IBM Product Security Incident Response Team http://ift.tt/297OtMp