Cross-Site Request Forgery Vulnerability in IBM Tivoli Storage Manager Operations Center
CVE-2016-6045

8.8HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

IBM Tivoli Storage Manager Operations Center is susceptible to Cross-Site Request Forgery (CSRF). This vulnerability enables attackers to carry out malicious and unauthorized actions on behalf of authenticated users, potentially compromising sensitive data and impacting system integrity. Users of the affected software should implement protective measures to mitigate the risk of exploitation, such as ensuring that authentication tokens are validated for all state-changing requests.

Affected Version(s)

Tivoli Storage Manager Extended Edition 6.4

Tivoli Storage Manager Extended Edition 7.1

Tivoli Storage Manager Extended Edition 7.1.1

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.