Cross-Site Request Forgery Vulnerability in IBM Jazz for Service Management
CVE-2017-1746

8.8 HIGH

Key Information:

Vendor: IBM
CVE Published: 20 December 2017

Summary

IBM Jazz for Service Management, specifically version 1.1.3 of IBM Tivoli Components, is vulnerable to a cross-site request forgery (CSRF) attack. This flaw allows attackers to exploit the trust established between the user and the web application, enabling them to execute unauthorized actions without the user's consent. Successful exploitation of this vulnerability could result in data breaches or unauthorized changes to user accounts, posing significant risks to users of the affected software.

Affected Version(s)

Tivoli Components 1.1.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
