Vulnerability Details CVE-2015-7465
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2015-7465
-
cpe:2.3:a:ibm:jazz_reporting_service:6.0