CVE-2014-4816: XSS
First published: Tue Sep 23 2014(Updated: )
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.1.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.28 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.30 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.32 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.35 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.37 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.39 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.41 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.0.2.43 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.35 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.37 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.39 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.41 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.43 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.45 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.47 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.10 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.11 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.12 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.13 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.14 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.15 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.16 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.17 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.18 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.19 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.21 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.22 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.23 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.24 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.25 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.27 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.29 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.31 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.33 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.3 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.4 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.5 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.6 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.7 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.8 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.9 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.1 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.0.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.0 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.2 | |
| IBM WebSphere Application Server Feature Pack for Web Services | =8.5.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/61418
- http://secunia.com/advisories/61423
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI23055
- http://www-01.ibm.com/support/docview.wss?uid=swg21682767
- http://www.kb.cert.org/vuls/id/573356
- http://www.securityfocus.com/bid/69980
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95402
Frequently Asked Questions
What is the severity of CVE-2014-4816?
CVE-2014-4816 has a high severity rating due to its potential for cross-site request forgery attacks that can compromise user accounts.
How do I fix CVE-2014-4816?
To fix CVE-2014-4816, it is recommended to upgrade IBM WebSphere Application Server to a version that has patched the vulnerability, such as 7.0.0.35 or later, 8.0.0.10 or later, or 8.5.5.4 or later.
Who is affected by CVE-2014-4816?
CVE-2014-4816 affects remote authenticated users of specific versions of IBM WebSphere Application Server, including versions 6.x, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4.
What impact does CVE-2014-4816 have on organizations?
The impact of CVE-2014-4816 includes the ability for attackers to hijack user sessions, potentially allowing them to perform actions on behalf of users without their consent.
Is there a workaround for CVE-2014-4816?
While upgrading to a patched version is the primary solution, limiting access to the administrative console can act as a temporary workaround for CVE-2014-4816.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/references
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/ibm
- canonical/ibm websphere application server feature pack for web services
- version/ibm websphere application server feature pack for web services/6.0
- version/ibm websphere application server feature pack for web services/6.0.0.1
- version/ibm websphere application server feature pack for web services/6.0.0.2
- version/ibm websphere application server feature pack for web services/6.0.0.3
- version/ibm websphere application server feature pack for web services/6.0.1
- version/ibm websphere application server feature pack for web services/6.0.1.1
- version/ibm websphere application server feature pack for web services/6.0.1.2
- version/ibm websphere application server feature pack for web services/6.0.1.3
- version/ibm websphere application server feature pack for web services/6.0.1.5
- version/ibm websphere application server feature pack for web services/6.0.1.7
- version/ibm websphere application server feature pack for web services/6.0.1.9
- version/ibm websphere application server feature pack for web services/6.0.1.11
- version/ibm websphere application server feature pack for web services/6.0.1.13
- version/ibm websphere application server feature pack for web services/6.0.1.15
- version/ibm websphere application server feature pack for web services/6.0.1.17
- version/ibm websphere application server feature pack for web services/6.0.2
- version/ibm websphere application server feature pack for web services/6.0.2.1
- version/ibm websphere application server feature pack for web services/6.0.2.2
- version/ibm websphere application server feature pack for web services/6.0.2.3
- version/ibm websphere application server feature pack for web services/6.0.2.4
- version/ibm websphere application server feature pack for web services/6.0.2.5
- version/ibm websphere application server feature pack for web services/6.0.2.6
- version/ibm websphere application server feature pack for web services/6.0.2.7
- version/ibm websphere application server feature pack for web services/6.0.2.9
- version/ibm websphere application server feature pack for web services/6.0.2.11
- version/ibm websphere application server feature pack for web services/6.0.2.13
- version/ibm websphere application server feature pack for web services/6.0.2.15
- version/ibm websphere application server feature pack for web services/6.0.2.17
- version/ibm websphere application server feature pack for web services/6.0.2.19
- version/ibm websphere application server feature pack for web services/6.0.2.22
- version/ibm websphere application server feature pack for web services/6.0.2.23
- version/ibm websphere application server feature pack for web services/6.0.2.24
- version/ibm websphere application server feature pack for web services/6.0.2.25
- version/ibm websphere application server feature pack for web services/6.0.2.27
- version/ibm websphere application server feature pack for web services/6.0.2.28
- version/ibm websphere application server feature pack for web services/6.0.2.29
- version/ibm websphere application server feature pack for web services/6.0.2.30
- version/ibm websphere application server feature pack for web services/6.0.2.31
- version/ibm websphere application server feature pack for web services/6.0.2.32
- version/ibm websphere application server feature pack for web services/6.0.2.33
- version/ibm websphere application server feature pack for web services/6.0.2.35
- version/ibm websphere application server feature pack for web services/6.0.2.37
- version/ibm websphere application server feature pack for web services/6.0.2.39
- version/ibm websphere application server feature pack for web services/6.0.2.41
- version/ibm websphere application server feature pack for web services/6.0.2.43
- version/ibm websphere application server feature pack for web services/6.1
- version/ibm websphere application server feature pack for web services/6.1.0
- version/ibm websphere application server feature pack for web services/6.1.0.0
- version/ibm websphere application server feature pack for web services/6.1.0.1
- version/ibm websphere application server feature pack for web services/6.1.0.2
- version/ibm websphere application server feature pack for web services/6.1.0.3
- version/ibm websphere application server feature pack for web services/6.1.0.5
- version/ibm websphere application server feature pack for web services/6.1.0.7
- version/ibm websphere application server feature pack for web services/6.1.0.9
- version/ibm websphere application server feature pack for web services/6.1.0.11
- version/ibm websphere application server feature pack for web services/6.1.0.12
- version/ibm websphere application server feature pack for web services/6.1.0.13
- version/ibm websphere application server feature pack for web services/6.1.0.14
- version/ibm websphere application server feature pack for web services/6.1.0.15
- version/ibm websphere application server feature pack for web services/6.1.0.17
- version/ibm websphere application server feature pack for web services/6.1.0.19
- version/ibm websphere application server feature pack for web services/6.1.0.21
- version/ibm websphere application server feature pack for web services/6.1.0.23
- version/ibm websphere application server feature pack for web services/6.1.0.25
- version/ibm websphere application server feature pack for web services/6.1.0.27
- version/ibm websphere application server feature pack for web services/6.1.0.29
- version/ibm websphere application server feature pack for web services/6.1.0.31
- version/ibm websphere application server feature pack for web services/6.1.0.33
- version/ibm websphere application server feature pack for web services/6.1.0.35
- version/ibm websphere application server feature pack for web services/6.1.0.37
- version/ibm websphere application server feature pack for web services/6.1.0.39
- version/ibm websphere application server feature pack for web services/6.1.0.41
- version/ibm websphere application server feature pack for web services/6.1.0.43
- version/ibm websphere application server feature pack for web services/6.1.0.45
- version/ibm websphere application server feature pack for web services/6.1.0.47
- version/ibm websphere application server feature pack for web services/7.0
- version/ibm websphere application server feature pack for web services/7.0.0.1
- version/ibm websphere application server feature pack for web services/7.0.0.2
- version/ibm websphere application server feature pack for web services/7.0.0.3
- version/ibm websphere application server feature pack for web services/7.0.0.4
- version/ibm websphere application server feature pack for web services/7.0.0.5
- version/ibm websphere application server feature pack for web services/7.0.0.6
- version/ibm websphere application server feature pack for web services/7.0.0.7
- version/ibm websphere application server feature pack for web services/7.0.0.8
- version/ibm websphere application server feature pack for web services/7.0.0.9
- version/ibm websphere application server feature pack for web services/7.0.0.10
- version/ibm websphere application server feature pack for web services/7.0.0.11
- version/ibm websphere application server feature pack for web services/7.0.0.12
- version/ibm websphere application server feature pack for web services/7.0.0.13
- version/ibm websphere application server feature pack for web services/7.0.0.14
- version/ibm websphere application server feature pack for web services/7.0.0.15
- version/ibm websphere application server feature pack for web services/7.0.0.16
- version/ibm websphere application server feature pack for web services/7.0.0.17
- version/ibm websphere application server feature pack for web services/7.0.0.18
- version/ibm websphere application server feature pack for web services/7.0.0.19
- version/ibm websphere application server feature pack for web services/7.0.0.21
- version/ibm websphere application server feature pack for web services/7.0.0.22
- version/ibm websphere application server feature pack for web services/7.0.0.23
- version/ibm websphere application server feature pack for web services/7.0.0.24
- version/ibm websphere application server feature pack for web services/7.0.0.25
- version/ibm websphere application server feature pack for web services/7.0.0.27
- version/ibm websphere application server feature pack for web services/7.0.0.29
- version/ibm websphere application server feature pack for web services/7.0.0.31
- version/ibm websphere application server feature pack for web services/7.0.0.33
- version/ibm websphere application server feature pack for web services/8.0.0.0
- version/ibm websphere application server feature pack for web services/8.0.0.1
- version/ibm websphere application server feature pack for web services/8.0.0.2
- version/ibm websphere application server feature pack for web services/8.0.0.3
- version/ibm websphere application server feature pack for web services/8.0.0.4
- version/ibm websphere application server feature pack for web services/8.0.0.5
- version/ibm websphere application server feature pack for web services/8.0.0.6
- version/ibm websphere application server feature pack for web services/8.0.0.7
- version/ibm websphere application server feature pack for web services/8.0.0.8
- version/ibm websphere application server feature pack for web services/8.0.0.9
- version/ibm websphere application server feature pack for web services/8.5.0.0
- version/ibm websphere application server feature pack for web services/8.5.0.1
- version/ibm websphere application server feature pack for web services/8.5.0.2
- version/ibm websphere application server feature pack for web services/8.5.5.0
- version/ibm websphere application server feature pack for web services/8.5.5.2
- version/ibm websphere application server feature pack for web services/8.5.5.3