Cross-Site Request Forgery in IBM Application Performance Management
CVE-2018-1442

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Monitoring
Vendor
CVE Published:
8 March 2018

Summary

IBM Application Performance Management, specifically the Response Time Monitoring Agent (version 8.1.4), is vulnerable to a cross-site request forgery (CSRF). This security weakness could be exploited by attackers to perform unauthorized actions on behalf of a trusted user. By sending crafted requests that the application trusts, an attacker might gain control over the actions of the legitimate user, potentially leading to data manipulation and security breaches. IBM X-Force ID: 139598.

Affected Version(s)

Monitoring 8.1.4

References

http://www.securityfocus.com/bid/103368
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/139598
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg22013500
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.