CVE-2016-2901: XSS
First published: Sun Jun 26 2016(Updated: )
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =8.5.0.0 | |
| IBM Workplace Web Content Management |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2901?
CVE-2016-2901 is considered a medium severity vulnerability due to its potential to allow CSRF attacks.
How do I fix CVE-2016-2901?
To fix CVE-2016-2901, apply the latest security patches provided by IBM for WebSphere Portal and Web Content Manager.
What impact does CVE-2016-2901 have on users?
CVE-2016-2901 allows attackers to hijack the authentication of arbitrary users, potentially leading to unauthorized actions.
Which versions are affected by CVE-2016-2901?
CVE-2016-2901 affects IBM WebSphere Portal versions 8.5 CF08 through CF10 and Web Content Manager.
Is there a workaround for CVE-2016-2901?
While a comprehensive workaround is not specified, limiting page access to trusted users may mitigate the risks.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/8.5.0.0
- canonical/ibm workplace web content management