Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21983147 | Vendor Advisory |
http://www.securityfocus.com/bid/91766 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21983147 | Vendor Advisory |
http://www.securityfocus.com/bid/91766 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21983147 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/91766 - |
Information
Published : 2016-07-08 01:59
Updated : 2024-11-21 02:49
NVD link : CVE-2016-2889
Mitre link : CVE-2016-2889
CVE.ORG link : CVE-2016-2889
JSON object : View
Products Affected
ibm
- jazz_reporting_service
CWE
CWE-352
Cross-Site Request Forgery (CSRF)