Описание
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.
Ссылки
- Broken LinkVDB EntryVendor Advisory
- Vendor Advisory
- Broken LinkVDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.5 (включая) до 4.6 (исключая)Версия от 3.5 (включая) до 4.6 (исключая)
Одно из
cpe:2.3:a:ibm:db2_on_cloud_pak_for_data:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_warehouse_on_cloud_pak_for_data:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2u:3.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2u:4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2u:4.5:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.0014
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 6.5
github
около 3 лет назад
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.
EPSS
Процентиль: 34%
0.0014
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-352
CWE-352