Cross-Site Request Forgery Vulnerability in IBM Jazz for Service Management
CVE-2016-9975

8.8HIGH

Key Information:

Vendor: IBM
Status: Jazz For Service Management
Vendor: CVE Published:; 24 February 2017

What is CVE-2016-9975?

IBM Jazz for Service Management versions 1.1.2.1 and 1.1.3 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This issue can enable an attacker to perform unauthorized actions by sending crafted requests from a trusted user, potentially compromising the integrity and operation of the application. It is crucial for users of affected versions to implement appropriate security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Jazz for Service Management 1.1.2.1

Jazz for Service Management 1.1.3

References

http://www.ibm.com/support/docview.wss?uid=swg21998714

x_refsource_CONFIRM

http://www.securityfocus.com/bid/96444

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2017
Vulnerability Reserved
Dec 16, 2016