Cross-Site Request Forgery Vulnerability in IBM TRIRIGA Application Platform
CVE-2016-0348

8HIGH

Key Information:

Vendor: IBM
Status: Tririga Application Platform
Vendor: CVE Published:; 21 February 2018

What is CVE-2016-0348?

A vulnerability exists in the IBM TRIRIGA Application Platform that allows attackers to exploit cross-site request forgery to hijack the authentication of users. This can enable unauthorized actions to be performed on behalf of the user, particularly the insertion of cross-site scripting (XSS) sequences, potentially compromising security. The affected versions are 3.3, 3.3.1, 3.3.2, and 3.4, making it crucial for users to ensure their systems are updated to mitigate the risk of exploitation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21980237

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/111813

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2018
Vulnerability Reserved
Dec 8, 2015