CVE-2016-3007

Sažetak

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.

Reference

http://www.securityfocus.com/bid/93168
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962
https://www-01.ibm.com/support/docview.wss?uid=swg21989067

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

28-11-2016 - 20:05

Objavljeno

26-09-2016 - 04:59