Cross-Site Request Forgery Vulnerability in IBM InfoSphere Guardium by IBM
CVE-2012-3309

Currently unrated

Key Information:

Vendor: IBM
Status: Infosphere Guardium
Vendor: CVE Published:; 29 August 2012

Summary

A security flaw in the account-creation panel of IBM InfoSphere Guardium 8.2 and earlier versions occurs when the CSRF filtering feature is disabled. This vulnerability enables remote attackers to execute unauthorized requests that can hijack the authentication of administrators. The attackers can potentially create new administrative accounts without the proper authorization, posing a significant threat to the integrity of the application's administrative functions.

References

http://www.ibm.com/support/docview.wss?uid=swg21609223

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/77745

vdb-entryx_refsource_XF

http://www.securitytracker.com/id?1027455

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 29, 2012
Vulnerability Reserved
Jun 7, 2012