CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2889

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2016-2889

Ibm » Jazz Reporting Service » Version: 5.0

cpe:2.3:a:ibm:jazz_reporting_service:5.0
Ibm » Jazz Reporting Service » Version: 5.0.1

cpe:2.3:a:ibm:jazz_reporting_service:5.0.1
Ibm » Jazz Reporting Service » Version: 5.0.2

cpe:2.3:a:ibm:jazz_reporting_service:5.0.2
Ibm » Jazz Reporting Service » Version: 6.0

cpe:2.3:a:ibm:jazz_reporting_service:6.0
Ibm » Jazz Reporting Service » Version: 6.0.1

cpe:2.3:a:ibm:jazz_reporting_service:6.0.1
Ibm » Jazz Reporting Service » Version: 6.0.2

cpe:2.3:a:ibm:jazz_reporting_service:6.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2889

Products

Pricing

Contact Us