IBM.WebSphere.MQ.File.Transfer.Edition.Web.Gateway.CSRF
Description
This indicates an attack attempt against a Cross Site Request Forgery vulnerability in in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition and WebSphere Managed File Transfer.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. These vulnerabilities can be exploited using a CSRF (Cross Site Request Forgery) attack, allowing malicious user to add userspace, change permissions and add MQMD (MQ Message Descriptor) user IDs.
Affected Products
WebSphere MQ File Transfer Edition Version 7.0.4 and earlier versions
WebSphere MQ - Managed File Transfer Version 7.5 and earlier versions
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www-01.ibm.com/support/docview.wss?uid=swg21607482
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |