Cross-Site Request Forgery Vulnerability in IBM Jazz for Service Management
CVE-2017-1631

8.8HIGH

Key Information:

Vendor: IBM
Status: Tivoli Components
Vendor: CVE Published:; 20 December 2017

What is CVE-2017-1631?

The IBM Jazz for Service Management product, specifically version 1.1.3 of IBM Tivoli Components, is susceptible to a cross-site request forgery vulnerability. This issue allows attackers to perform unauthorized actions by transmitting malicious requests through a trusted user's session, compromising the integrity of user interactions on the platform. Organizations utilizing this product should ensure that security measures are implemented to mitigate the potential risks associated with this vulnerability.

Affected Version(s)

Tivoli Components 1.1.3

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/133140

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22011307

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2017
Vulnerability Reserved
Nov 30, 2016