IBM WebSphere Application Server (WAS) Predictable Session Cookies
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
IBM's WebSphere Application Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the server issues session cookies in a predictable manner, allowing trivial brute-force guessing of arbitrary user sessions, resulting in a loss of confidentiality and integrity.
Upgrade to version 4.X or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw with the following workaround: apply the fix PQ47663V302, available via the vendor URL.
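One way to check a sample of issued session IDs for the predictability described above, as an added example that is not IBM's code or part of the original entry. The token format, the sample values, the function names, the 64-bit threshold and the step limit are assumptions; the entry does not say how the affected cookies were generated.

```python
import math
import secrets
from collections import Counter


def position_entropy_bits(tokens):
    """Sum of per-character-position Shannon entropy (bits) over the sample.

    This is an upper bound on the variation seen: constant positions add 0,
    so a low total is conclusive, while a high total is only necessary.
    """
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("tokens must share one length")
    total = 0.0
    for column in zip(*tokens):
        counts = Counter(column)
        n = len(column)
        total -= sum(c / n * math.log2(c / n) for c in counts.values())
    return total


def looks_sequential(tokens, base=16, max_step=1024):
    """True when consecutive tokens, read as integers, rise in small steps."""
    try:
        values = [int(t, base) for t in tokens]
    except ValueError:
        return False  # not purely numeric in this base
    deltas = [b - a for a, b in zip(values, values[1:])]
    return bool(deltas) and all(0 < d <= max_step for d in deltas)


def audit(tokens, min_bits=64):
    """Flag a sample as weak if it is sequential or shows too little variation."""
    bits = position_entropy_bits(tokens)
    sequential = looks_sequential(tokens)
    return {"observed_bits": round(bits, 1), "sequential": sequential,
            "weak": sequential or bits < min_bits}


# Constructed samples: a counter-based generator versus a CSPRNG.
COUNTER_IDS = [f"{0x5F3A0000 + 7 * i:032x}" for i in range(200)]
RANDOM_IDS = [secrets.token_hex(16) for _ in range(200)]

if __name__ == "__main__":
    print("counter:", audit(COUNTER_IDS))
    print("csprng: ", audit(RANDOM_IDS))
```

Feed it IDs collected in issue order from a test instance before and after applying the fix; a sample that stays flagged as weak means the session IDs are still guessable.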