A vulnerability has been reported in IBM WebSphere Application Server.
IBM WebSphere Application Server 6.1.x
IBM WebSphere Application Server 7.0.x
IBM WebSphere Application Server 8.0.x
The vulnerability is caused by missing access controls in the Application Snoop Servlet when handling requests and can be exploited to disclose request and client information.
The WebSphere Application Server Administration Console is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using unspecified attack vectors to inject script into a victim's web browser within the security context of the hosting web site.
Exposure of sensitive information
Apply APAR PM56183 or update to version 126.96.36.199, 188.8.131.52, or 184.108.40.206.