Описание
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00222
Низкий
6 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
EPSS
Процентиль: 45%
0.00222
Низкий
6 Medium
CVSS2
Дефекты
CWE-352