CVE-2015-1894

Published: May 25, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected (3)

Products: Ibm: Optim Workload Replay

Ibm

1 product

Optim Workload Replay

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Optim Workload Replay	Version 2.1.0.1
Ibm Optim Workload Replay	Version 2.1.0.2
Ibm Optim Workload Replay	Version 2.1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21700768

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/74441

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www-01.ibm.com/support/docview.wss?uid=swg21700768

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/74441

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.