CVE-2009-2746: CSRF
First published: Mon Nov 16 2009(Updated: )
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server | =6.0.2 | |
| IBM WebSphere Application Server | =6.0.2.1 | |
| IBM WebSphere Application Server | =6.0.2.2 | |
| IBM WebSphere Application Server | =6.0.2.3 | |
| IBM WebSphere Application Server | =6.0.2.4 | |
| IBM WebSphere Application Server | =6.0.2.5 | |
| IBM WebSphere Application Server | =6.0.2.6 | |
| IBM WebSphere Application Server | =6.0.2.7 | |
| IBM WebSphere Application Server | =6.0.2.8 | |
| IBM WebSphere Application Server | =6.0.2.9 | |
| IBM WebSphere Application Server | =6.0.2.10 | |
| IBM WebSphere Application Server | =6.0.2.11 | |
| IBM WebSphere Application Server | =6.0.2.12 | |
| IBM WebSphere Application Server | =6.0.2.13 | |
| IBM WebSphere Application Server | =6.0.2.14 | |
| IBM WebSphere Application Server | =6.0.2.15 | |
| IBM WebSphere Application Server | =6.0.2.16 | |
| IBM WebSphere Application Server | =6.0.2.17 | |
| IBM WebSphere Application Server | =6.0.2.18 | |
| IBM WebSphere Application Server | =6.0.2.19 | |
| IBM WebSphere Application Server | =6.0.2.20 | |
| IBM WebSphere Application Server | =6.0.2.21 | |
| IBM WebSphere Application Server | =6.0.2.22 | |
| IBM WebSphere Application Server | =6.0.2.23 | |
| IBM WebSphere Application Server | =6.0.2.24 | |
| IBM WebSphere Application Server | =6.0.2.25 | |
| IBM WebSphere Application Server | =6.0.2.27 | |
| IBM WebSphere Application Server | =6.0.2.28 | |
| IBM WebSphere Application Server | =6.0.2.29 | |
| IBM WebSphere Application Server | =6.0.2.30 | |
| IBM WebSphere Application Server | =6.0.2.31 | |
| IBM WebSphere Application Server | =6.0.2.32 | |
| IBM WebSphere Application Server | =6.0.2.33 | |
| IBM WebSphere Application Server | =6.0.2.35 | |
| IBM WebSphere Application Server | =6.0.2.37 | |
| IBM WebSphere Application Server | =6.1 | |
| IBM WebSphere Application Server | =6.1.0 | |
| IBM WebSphere Application Server | =6.1.0.0 | |
| IBM WebSphere Application Server | =6.1.0.1 | |
| IBM WebSphere Application Server | =6.1.0.2 | |
| IBM WebSphere Application Server | =6.1.0.3 | |
| IBM WebSphere Application Server | =6.1.0.5 | |
| IBM WebSphere Application Server | =6.1.0.7 | |
| IBM WebSphere Application Server | =6.1.0.9 | |
| IBM WebSphere Application Server | =6.1.0.11 | |
| IBM WebSphere Application Server | =6.1.0.12 | |
| IBM WebSphere Application Server | =6.1.0.13 | |
| IBM WebSphere Application Server | =6.1.0.15 | |
| IBM WebSphere Application Server | =6.1.0.17 | |
| IBM WebSphere Application Server | =6.1.0.19 | |
| IBM WebSphere Application Server | =6.1.0.21 | |
| IBM WebSphere Application Server | =6.1.0.23 | |
| IBM WebSphere Application Server | =6.1.0.25 | |
| IBM WebSphere Application Server | =6.1.0.27 | |
| IBM WebSphere Application Server | =7.0 | |
| IBM WebSphere Application Server | =7.0.0.1 | |
| IBM WebSphere Application Server | =7.0.0.3 | |
| IBM WebSphere Application Server | =7.0.0.4 | |
| IBM WebSphere Application Server | =7.0.0.5 | |
| IBM WebSphere Application Server | =6.1 | |
| IBM WebSphere Application Server | =7.0.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-2746?
CVE-2009-2746 is classified as a moderate severity vulnerability due to its potential to allow unauthorized access to administrative functions.
How do I fix CVE-2009-2746?
To fix CVE-2009-2746, upgrade to IBM WebSphere Application Server versions 6.0.2.39, 6.1.0.29, or 7.0.0.7 or later.
What versions of IBM WebSphere Application Server are affected by CVE-2009-2746?
CVE-2009-2746 affects IBM WebSphere Application Server versions 6.0.2 through 6.0.2.38, and 6.1.0 through 6.1.0.28, as well as 7.0.0 through 7.0.0.6.
What type of vulnerability is CVE-2009-2746?
CVE-2009-2746 is a Cross-site request forgery (CSRF) vulnerability.
Who can exploit CVE-2009-2746?
CVE-2009-2746 can potentially be exploited by remote attackers to hijack the authentication of administrators.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm websphere application server
- version/ibm websphere application server/6.0.2
- version/ibm websphere application server/6.0.2.1
- version/ibm websphere application server/6.0.2.2
- version/ibm websphere application server/6.0.2.3
- version/ibm websphere application server/6.0.2.4
- version/ibm websphere application server/6.0.2.5
- version/ibm websphere application server/6.0.2.6
- version/ibm websphere application server/6.0.2.7
- version/ibm websphere application server/6.0.2.8
- version/ibm websphere application server/6.0.2.9
- version/ibm websphere application server/6.0.2.10
- version/ibm websphere application server/6.0.2.11
- version/ibm websphere application server/6.0.2.12
- version/ibm websphere application server/6.0.2.13
- version/ibm websphere application server/6.0.2.14
- version/ibm websphere application server/6.0.2.15
- version/ibm websphere application server/6.0.2.16
- version/ibm websphere application server/6.0.2.17
- version/ibm websphere application server/6.0.2.18
- version/ibm websphere application server/6.0.2.19
- version/ibm websphere application server/6.0.2.20
- version/ibm websphere application server/6.0.2.21
- version/ibm websphere application server/6.0.2.22
- version/ibm websphere application server/6.0.2.23
- version/ibm websphere application server/6.0.2.24
- version/ibm websphere application server/6.0.2.25
- version/ibm websphere application server/6.0.2.27
- version/ibm websphere application server/6.0.2.28
- version/ibm websphere application server/6.0.2.29
- version/ibm websphere application server/6.0.2.30
- version/ibm websphere application server/6.0.2.31
- version/ibm websphere application server/6.0.2.32
- version/ibm websphere application server/6.0.2.33
- version/ibm websphere application server/6.0.2.35
- version/ibm websphere application server/6.0.2.37
- version/ibm websphere application server/6.1
- version/ibm websphere application server/6.1.0
- version/ibm websphere application server/6.1.0.0
- version/ibm websphere application server/6.1.0.1
- version/ibm websphere application server/6.1.0.2
- version/ibm websphere application server/6.1.0.3
- version/ibm websphere application server/6.1.0.5
- version/ibm websphere application server/6.1.0.7
- version/ibm websphere application server/6.1.0.9
- version/ibm websphere application server/6.1.0.11
- version/ibm websphere application server/6.1.0.12
- version/ibm websphere application server/6.1.0.13
- version/ibm websphere application server/6.1.0.15
- version/ibm websphere application server/6.1.0.17
- version/ibm websphere application server/6.1.0.19
- version/ibm websphere application server/6.1.0.21
- version/ibm websphere application server/6.1.0.23
- version/ibm websphere application server/6.1.0.25
- version/ibm websphere application server/6.1.0.27
- version/ibm websphere application server/7.0
- version/ibm websphere application server/7.0.0.1
- version/ibm websphere application server/7.0.0.3
- version/ibm websphere application server/7.0.0.4
- version/ibm websphere application server/7.0.0.5