Cross-Site Request Forgery Vulnerability in IBM Flash System V9000
CVE-2015-7446

8.8HIGH

Key Information:

Vendor: IBM
Status: Flashsystem V9000 Firmware
Vendor: CVE Published:; 12 March 2016

Summary

A CSRF vulnerability exists in the IBM Flash System V9000 that can allow remote attackers to exploit user sessions without authorization. This weakness permits attackers to hijack user sessions, leading to potential insertion of malicious XSS sequences, further compromising the system's integrity. Users should ensure they update to the latest versions to mitigate risks.

References

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2016
Vulnerability Reserved
Sep 29, 2015