Описание
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
Ссылки
- Broken Link
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Broken Link
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
3.5 Low
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 3.5
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
EPSS
Процентиль: 13%
0.00044
Низкий
3.5 Low
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-352