IBM InfoSphere Information Server Vulnerable to Cross-Site Request Forgery
CVE-2024-31902

8.8HIGH

Key Information:

Vendor: IBM
Status: Infosphere Information Server
Vendor: CVE Published:; 30 June 2024

Summary

The vulnerability in IBM InfoSphere Information Server 11.7 enables a cross-site request forgery (CSRF) attack, allowing malicious actors to execute unauthorized actions on behalf of a trusted user. CSRF exploits the trust that a web application has in a user's session, which can lead to significant security breaches, including data manipulation or unauthorized access to sensitive information. Organizations utilizing IBM InfoSphere should take immediate precautions to mitigate the impacts of this vulnerability.

Affected Version(s)

InfoSphere Information Server 11.7

References

https://www.ibm.com/support/pages/node/7159066

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/289234

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2024
Vulnerability Reserved
Apr 7, 2024