The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.Referenceshttp://www.ibm.com/support/docview.wss?uid=swg21575642https://exchange.xforce.ibmcloud.com/vulnerabilities/72156
