CVE-2016-0295

Published: Feb 28, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363.

Affected (4)

Products: Ibm: Bigfix Platform

Ibm

1 product

Bigfix Platform

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Bigfix Platform	From 9.5 to 9.5.2
Ibm Bigfix Platform	Version 9.0
Ibm Bigfix Platform	Version 9.1
Ibm Bigfix Platform	Version 9.2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21985830

Source: psirt@us.ibm.com

MitigationVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/111363

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21985830

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/111363

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.