Cross-Site Request Forgery Vulnerability in IBM Jazz for Service Management
CVE-2017-1746
8.8 HIGH
Summary
IBM Jazz for Service Management, specifically version 1.1.3 of IBM Tivoli Components, is vulnerable to cross-site request forgery (CSRF). The flaw lets an attacker abuse the trust the web application places in a user's browser to carry out unauthorized actions without the user's consent. Successful exploitation could result in data breaches or unauthorized changes to user accounts, posing significant risks to users of the affected software.
Affected Version(s)
Tivoli Components 1.1.3
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved