Vulnerability Details CVE-2012-3309
Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.7%
CVSS Severity
CVSS v2 Score 6.8
References
- http://en.securitylab.ru/lab/
- http://en.securitylab.ru/lab/PT-2012-15
- http://www.ibm.com/support/docview.wss?uid=swg21609223
- http://www.securitytracker.com/id?1027455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77745
- http://en.securitylab.ru/lab/
- http://en.securitylab.ru/lab/PT-2012-15
- http://www.ibm.com/support/docview.wss?uid=swg21609223
- http://www.securitytracker.com/id?1027455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77745
Products affected by CVE-2012-3309
-
cpe:2.3:a:ibm:infosphere_guardium:7.00
-
cpe:2.3:a:ibm:infosphere_guardium:8.0
-
cpe:2.3:a:ibm:infosphere_guardium:8.0.0
-
cpe:2.3:a:ibm:infosphere_guardium:8.0.1
-
cpe:2.3:a:ibm:infosphere_guardium:8.00
-
cpe:2.3:a:ibm:infosphere_guardium:8.01
-
cpe:2.3:a:ibm:infosphere_guardium:8.2