CVE-2013-5443

Published: Mar 25, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.

Affected (4)

Products: Ibm: Cognos Express

Ibm

1 product

Cognos Express

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Cognos Express	Version 10.1
Ibm Cognos Express	Version 10.2.1
Ibm Cognos Express	Version 9.0
Ibm Cognos Express	Version 9.5

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21667626

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/87819

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21667626

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/87819

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.