Cross-Site Request Forgery in IBM BigFix Platform
CVE-2016-0295

8.8HIGH

Key Information:

Vendor: IBM
Status: Bigfix Platform
Vendor: CVE Published:; 28 February 2018

What is CVE-2016-0295?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the IBM BigFix Platform, impacting versions 9.0 through 9.5 prior to 9.5.2. This vulnerability allows remote attackers to exploit and hijack the authentication of users, potentially leading to unauthorized actions such as injecting cross-site scripting (XSS) sequences into legitimate requests. Users of the affected versions are strongly encouraged to apply the recommended updates to mitigate this security risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985830

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/111363

vdb-entryx_refsource_XF

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2018
Vulnerability Reserved
Dec 8, 2015