Cross-Site Request Forgery Vulnerability in IBM Jazz for Service Management
CVE-2017-1746

8.8HIGH

Key Information:

Vendor: IBM
Status: Tivoli Components
Vendor: CVE Published:; 20 December 2017

Summary

IBM Jazz for Service Management, specifically version 1.1.3 of IBM Tivoli Components, is vulnerable to a cross-site request forgery (CSRF) attack. This flaw allows attackers to exploit the trust established between the user and the web application, enabling them to execute unauthorized actions without the user's consent. Successful exploitation of this vulnerability could result in data breaches or unauthorized changes to user accounts, posing significant risks to users of the affected software.

Affected Version(s)

Tivoli Components 1.1.3

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/135519

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22011308

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2017
Vulnerability Reserved
Nov 30, 2016