CVE-2016-3009

Published: Nov 30, 2016Modified: May 6, 2026

3.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.1 / Impact: 1.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.

Affected (3)

Products: Ibm: Connections

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Connections	Version 4.0.0.0
Ibm Connections	Version 4.5.0.0
Ibm Connections	Version 5.0.0.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039

Source: psirt@us.ibm.com

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21990864

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/94329

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21990864

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/94329

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.