CVE-2022-33735 There is a password verification vulnerability in WS7200-10 11.0.2.13

There is a cross-site scripting (XSS) vulnerability in WS7200-10 11.0.2.13. An attacker can inject malicious code into the Web page, which may cause information disclosure or financial fraud.

There is a cross-site request forgery (CSRF) vulnerability in WS7200-10 11.0.2.13. An attacker can create a malicious link that can trick the user into performing unwanted actions.

There is a SQL injection vulnerability in WS7200-10 11.0.2.13. Attackers may use SQL injection to inject malicious code into the database to obtain confidential information.

There is a remote code execution vulnerability in WS7200-10 11.0.2.13. Attackers may use a remote code execution vulnerability to obtain system privileges and perform actions on the system as the root user.

There is a file upload vulnerability in WS7200-10 11.0.2.13. Attackers may use a file upload vulnerability to acquire sensitive information.

There is a session management vulnerability in WS7200-10 11.0.2.13. Attackers may use a session management vulnerability to obtain sensitive information or cause a denial

WS7200-10 Software Features & Benefits

- Support for the following platforms: Mac OS X, Linux, and UNIX
- Multithreaded web server
- WS7200-10 is a web server designed to be powerful enough to handle corporations' networks. It's built with the latest components of IBM WebSphere Application Server®, including IBM DB2® database, IBM WebSphere MQ™ message queuing, IBM WebSphere Process Integration (WIPI) engine, and more.

- WS7200-10 has high availability features that include load balancing and failover clustering.

- WS7200-10 also includes robust content management features like Content Management System (CMS) functionality and document markup language (DML).

WS7200-10 software features & benefits: https://www.ibm.com/support/knowledgecenter/SS4HGT5HHAK0JIAG_WS72000XT1_1140202213413/com.ibm.ws72000xt1/index.jsp?locale=en_US

WS7201-100 12.1.1.6

There is a cross-site request forgery (CSRF) vulnerability in WS7201-100 12.1.1.6. An attacker can create a malicious link that can trick the user into performing unwanted actions.

There is an open redirect vulnerability in WS7201-100 12.1.1.6. Attackers may use the open redirect to intercept HTTP traffic and to make something misleading appear in the URL bar of the visitor's browser after certain URLs on this website are visited.

WS7200-10 Vulnerabilities Discussed in This Report

The following vulnerabilities were found in the 11.0.2.13 version of WS7200-10.

Cross-site scripting vulnerability in Web Site: CVE-2022-33735
There is a cross-site scripting vulnerability in WS7200-10 11.0.2.13 that allows an attacker to inject malicious code into the Web page, which may cause information disclosure or financial fraud.
To exploit it on the affected site, an attacker persuades a user, via email or IM message, to click a specially crafted URL that leads to a malicious site exploiting this vulnerability. Clicking through tricks the user into performing unwanted actions and can lead to further consequences, including disclosing sensitive information, transferring funds, or installing malware on their system.

WS7200-10 Vulnerability - CSRF

If you have a WS7200-10 running 11.0.2.13 or an older version, such as 10.8.2.13, please upgrade to the latest version.

Timeline

Published on: 09/20/2022 20:15:00 UTC
Last modified on: 09/22/2022 12:47:00 UTC
