PI23055; 8.0.0: Potential XSS and CSRF (CVE-2014-4770 and CVE-2014-4816)
There is a potential cross-site scripting (XSS) and a potential cross-site request forgery (CSRF) security vulnerability in WebSphere Application Server.
PI23055 resolves the following problem:
Potential security exposure in WebSphere Application Server
IBM WebSphere Application Server may be vulnerable to cross-site scripting or cross-site request forgery in the Admin Console.
The code has been updated to resolve this issue.
Please review the readme.txt for detailed installation instructions.
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
WebSphere Application Server
Administrative Console (all non-scripting)
Software version: 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124
Operating system(s): AIX, HP-UX, IBM i, Inspur K-UX, Linux, Solaris, Windows, iOS, z/OS
Software edition: Advanced, Base, Developer, Network Deployment, Single Server
Reference #: 4038402
Modified date: 18 September 2014