CVE-2015-5007

Опубликовано: 15 янв. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack_8:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00112

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-m58c-hm9q-fwxq