Cross-Site Request Forgery Vulnerability in IBM Mashup Center
CVE-2015-7407

8.8HIGH

Key Information:

Vendor
IBM
Status
Mashups Center
Vendor
CVE Published:
2 January 2016

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in IBM Mashup Center, allowing attackers to exploit the system by hijacking the authentication of users. This can lead to unauthorized actions being executed on behalf of authenticated users, particularly requests that may introduce cross-site scripting (XSS) payloads. Affected users are at risk of having their sessions hijacked without their consent, potentially compromising sensitive information and system integrity.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT12268
vendor-advisoryx_refsource_AIXAPAR
http://www.securityfocus.com/bid/78455
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21970299
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.