Cross-Site Request Forgery Vulnerability in IBM Security Verify Information Queue
CVE-2021-20403

3.1LOW

Key Information:

Vendor: IBM
Status: Security Verify Information Queue
Vendor: CVE Published:; 11 February 2021

Summary

IBM Security Verify Information Queue versions 1.0.6 and 1.0.7 are susceptible to a cross-site request forgery vulnerability, potentially permitting attackers to perform unauthorized actions by tricking users into executing commands without their consent. This exploitation involves leveraging the trust established between the affected application and its users, highlighting the importance of implementing robust security measures to thwart such threats.

Affected Version(s)

Security Verify Information Queue 1.0.6

Security Verify Information Queue 1.0.7

References

https://www.ibm.com/support/pages/node/6414365

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/196077

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2021
Vulnerability Reserved
Dec 17, 2020