There is a potential cross-site scripting (XSS) and a potential cross-site request forgery (CSRF) security vulnerability in WebSphere Application Server.
PI23055 resolves the following problem:
Potential security exposure in WebSphere Application Server
IBM WebSphere Application Server may be vulnerable to cross-site scripting or cross-site request forgery in the Admin Console.
The code has been updated to resolve this issue.
Please review the readme.txt for detailed installation instructions.
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
15 June 2018