CSRF Vulnerability in IBM Forms Experience Builder by IBM
CVE-2016-2884
8 HIGH
Summary
A CSRF vulnerability exists in IBM Forms Experience Builder versions 8.5.x and 8.6.x prior to 8.6.3.1, allowing remote authenticated users to manipulate sessions of unsuspecting users. This can lead to unauthorized actions being performed on behalf of the users without their consent, potentially enabling attackers to exploit other vulnerabilities, such as insertion of XSS sequences, in an unspecified non-default configuration.
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved