CVE-2016-3009

Sažetak

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.

Reference

http://www.securityfocus.com/bid/94329
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039
http://www-01.ibm.com/support/docview.wss?uid=swg21990864

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

30-11-2016 - 18:43

Objavljeno

30-11-2016 - 11:59