Cross-Site Request Forgery Vulnerability in IBM Tivoli Storage Manager Operations Center
CVE-2016-6045
8.8HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 1 February 2017
Summary
IBM Tivoli Storage Manager Operations Center is susceptible to Cross-Site Request Forgery (CSRF). This vulnerability enables attackers to carry out malicious and unauthorized actions on behalf of authenticated users, potentially compromising sensitive data and impacting system integrity. Users of the affected software should implement protective measures to mitigate the risk of exploitation, such as ensuring that authentication tokens are validated for all state-changing requests.
Affected Version(s)
Tivoli Storage Manager Extended Edition 6.4
Tivoli Storage Manager Extended Edition 7.1
Tivoli Storage Manager Extended Edition 7.1.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved