ID

VAR-201412-0327


CVE

CVE-2014-3058


TITLE

IBM WebSphere DataPower XC10 Appliance cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005959

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM WebSphere DataPower XC10 is a high-speed cache platform of IBM Corporation in the United States. The platform enables distributed caching of data with little to no change to existing applications. A remote attacker could exploit this vulnerability to insert an XSS sequence.

Trust: 1.71

sources: NVD: CVE-2014-3058 // JVNDB: JVNDB-2014-005959 // VULHUB: VHN-70997

AFFECTED PRODUCTS

vendor: ibm, model: websphere datapower xc10 appliance, scope: eq, version: 2.5.0.0

Trust: 1.6

vendor: ibm, model: websphere datapower xc10 appliance, scope: eq, version: 2.1.0.0

Trust: 1.6

vendor: ibm, model: websphere datapower xc10 the appliance, scope: -, version: -

Trust: 0.8

vendor: ibm, model: websphere datapower xc10 the appliance, scope: eq, version: 2.1

Trust: 0.8

vendor: ibm, model: websphere datapower xc10 the appliance, scope: lt, version: 2.5 thats all 2.5 fp4

Trust: 0.8

sources: JVNDB: JVNDB-2014-005959 // CNNVD: CNNVD-201412-279 // NVD: CVE-2014-3058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3058
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3058
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70997
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3058
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70997
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70997 // JVNDB: JVNDB-2014-005959 // CNNVD: CNNVD-201412-279 // NVD: CVE-2014-3058

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-70997 // JVNDB: JVNDB-2014-005959 // NVD: CVE-2014-3058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-279

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201412-279

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005959

PATCH

title: 1691035, url: http://www-01.ibm.com/support/docview.wss?uid=swg21691035

Trust: 0.8

title: XC10-2.1.0.3-cf31448.28122752-9235, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53008

Trust: 0.6

title: XC10-2.5.0.4-cf61449.04150359-7199-vsl-3.2.6, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53011

Trust: 0.6

title: XC10-2.5.0.4-cf61449.04150359-7199, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53010

Trust: 0.6

title: XC10-2.1.0.3-cf31448.28122752-7199, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53009

Trust: 0.6

sources: JVNDB: JVNDB-2014-005959 // CNNVD: CNNVD-201412-279

EXTERNAL IDS

db: NVD, id: CVE-2014-3058

Trust: 2.5

db: JVNDB, id: JVNDB-2014-005959

Trust: 0.8

db: CNNVD, id: CNNVD-201412-279

Trust: 0.7

db: XF, id: 93532

Trust: 0.6

db: VULHUB, id: VHN-70997

Trust: 0.1

sources: VULHUB: VHN-70997 // JVNDB: JVNDB-2014-005959 // CNNVD: CNNVD-201412-279 // NVD: CVE-2014-3058

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1it04614

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21691035

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/93532

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3058

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3058

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/93532

Trust: 0.6

sources: VULHUB: VHN-70997 // JVNDB: JVNDB-2014-005959 // CNNVD: CNNVD-201412-279 // NVD: CVE-2014-3058

SOURCES

db: VULHUB, id: VHN-70997
db: JVNDB, id: JVNDB-2014-005959
db: CNNVD, id: CNNVD-201412-279
db: NVD, id: CVE-2014-3058

LAST UPDATE DATE

2025-04-13T23:39:40.503000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-70997, date: 2017-08-29T00:00:00
db: JVNDB, id: JVNDB-2014-005959, date: 2014-12-15T00:00:00
db: CNNVD, id: CNNVD-201412-279, date: 2014-12-12T00:00:00
db: NVD, id: CVE-2014-3058, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-70997, date: 2014-12-11T00:00:00
db: JVNDB, id: JVNDB-2014-005959, date: 2014-12-15T00:00:00
db: CNNVD, id: CNNVD-201412-279, date: 2014-12-12T00:00:00
db: NVD, id: CVE-2014-3058, date: 2014-12-11T16:59:00.100