CVE-2016-2878

8HIGH

Key Information:

Vendor
IBM
Status
Qradar Security Information And Event Manager
Vendor
CVE Published:
30 November 2016

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21987776
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95004
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.