Vulnerability Details CVE-2016-2998
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.6%
CVSS Severity
CVSS v3 Score 3.5
CVSS v2 Score 3.5
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929
- http://www-01.ibm.com/support/docview.wss?uid=swg21988991
- http://www.securityfocus.com/bid/92578
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929
- http://www-01.ibm.com/support/docview.wss?uid=swg21988991
- http://www.securityfocus.com/bid/92578
Products affected by CVE-2016-2998
-
cpe:2.3:a:ibm:connections:4.0.0.0
-
cpe:2.3:a:ibm:connections:4.5.0.0
-
cpe:2.3:a:ibm:connections:5.0.0.0
-
cpe:2.3:a:ibm:connections:5.5.0.0