Cross-Site Request Forgery Vulnerability in IBM Cloud Pak System
CVE-2020-4917

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
4 January 2021

Summary

IBM Cloud Pak System 2.3 contains a vulnerability that enables cross-site request forgery (CSRF), allowing attackers to perform unauthorized actions on behalf of trusted users. This type of vulnerability exploits the trust a system has in a user's browser, potentially leading to significant security breaches. Organizations using this version should take immediate action to mitigate the risks involved.

Affected Version(s)

Cloud Pak System 2.3

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.