CVE-2016-2889

Published: Jul 8, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.

Affected (6)

Products: Ibm: Jazz Reporting Service

Ibm

1 product

Jazz Reporting Service

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Jazz Reporting Service	Version 5.0.1
Ibm Jazz Reporting Service	Version 5.0.2
Ibm Jazz Reporting Service	Version 5.0
Ibm Jazz Reporting Service	Version 6.0.1
Ibm Jazz Reporting Service	Version 6.0.2
Ibm Jazz Reporting Service	Version 6.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21983147

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/91766

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21983147

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/91766

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.