CVE-2016-2889

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_reporting_service:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_reporting_service:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 02:49

Type Values Removed Values Added
References () http://www-01.ibm.com/support/docview.wss?uid=swg21983147 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21983147 - Vendor Advisory
References () http://www.securityfocus.com/bid/91766 - () http://www.securityfocus.com/bid/91766 -

Information

Published : 2016-07-08 01:59

Updated : 2024-11-21 02:49


NVD link : CVE-2016-2889

Mitre link : CVE-2016-2889

CVE.ORG link : CVE-2016-2889


JSON object : View

Products Affected

ibm

  • jazz_reporting_service
CWE
CWE-352

Cross-Site Request Forgery (CSRF)