Описание
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Ссылки
- Not Applicable
- PatchVendor Advisory
- Not Applicable
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:forms_experience_builder:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:forms_experience_builder:8.6.3:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00096
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
EPSS
Процентиль: 27%
0.00096
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-352