CVE-2015-5007

8.8HIGH

Key Information:

Vendor: IBM
Status: Websphere Commerce
Vendor: CVE Published:; 15 January 2016

Summary

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR54268

vendor-advisoryx_refsource_AIXAPAR

http://www.securitytracker.com/id/1034639

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg1JR54267

vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2016
Vulnerability Reserved
Jun 24, 2015

.