Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery

Technical Blog Post

Abstract

Body

IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. More details and fix pack links available here -

http://www-01.ibm.com/support/docview.wss?uid=swg21998167

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6PEW","label":"Sterling Order Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS6PEW","label":"Sterling Order Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

UID

ibm11124559

Tips

Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure Price Quote are vulnerable to cross-site request forgery

Technical Blog Post

Abstract

Body

UID

Share your feedback

Need support?