Cross-Site Request Forgery Vulnerability in IBM InfoSphere Information Server
CVE-2022-30608

8.8HIGH

Key Information:

Vendor: IBM
Status: IBM Infosphere Information Server
Vendor: CVE Published:; 3 November 2022

Summary

IBM InfoSphere Information Server 11.7 exhibits a vulnerability that allows for cross-site request forgery (CSRF). This flaw could permit an attacker to execute unauthorized actions on behalf of an authenticated user, undermining the integrity of the server. Malicious requests can be made without the user's consent, which poses significant security risks for data integrity and user trust.

Affected Version(s)

IBM InfoSphere Information Server 11.7

References

https://www.ibm.com/support/pages/node/6829335

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2022
Vulnerability Reserved
May 12, 2022