Cross-Site Request Forgery Vulnerability in IBM Disposal and Governance Management
CVE-2016-6100

8.8HIGH

Key Information:

Vendor: IBM
Status: Atlas Policy Suite
Vendor: CVE Published:; 5 April 2017

Summary

A cross-site request forgery (CSRF) vulnerability exists in IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, part of the IBM Atlas Policy Suite 6.0.3. This flaw could enable an attacker to execute unauthorized actions on behalf of a trusted user, potentially compromising sensitive information and system integrity. The security risks associated with this vulnerability necessitate immediate attention to safeguard users and their data.

Affected Version(s)

Atlas Policy Suite 6.0.3

Atlas Policy Suite 6.0.3.1

Atlas Policy Suite 6.0.3.2

References

http://www.ibm.com/support/docview.wss?uid=swg22000771

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97326

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2017
Vulnerability Reserved
Jun 29, 2016