Cross-Site Request Forgery in IBM Application Performance Management
CVE-2018-1442

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
8 March 2018

Summary

IBM Application Performance Management, specifically the Response Time Monitoring Agent (version 8.1.4), is vulnerable to a cross-site request forgery (CSRF). This security weakness could be exploited by attackers to perform unauthorized actions on behalf of a trusted user. By sending crafted requests that the application trusts, an attacker might gain control over the actions of the legitimate user, potentially leading to data manipulation and security breaches. IBM X-Force ID: 139598.

Affected Version(s)

Monitoring 8.1.4

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.