Summary
IBM released security updates for WebSphere Application Server to fix three cross-site scripting vulnerabilities, including a high-severity flaw on the login page that allows attackers to hijack administrative sessions.
Take Action:
Restrict access to your WebSphere administrative console so it's only reachable from trusted internal networks, and enable multi-factor authentication on all admin accounts. Then apply IBM's interim fix for APAR PH71757 ASAP, and plan to upgrade to Fix Pack 9.0.5.29 (for version 9.0) or 8.5.5.30 (for version 8.5) as soon as they're released.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines