Cross-Site Request Forgery Vulnerability in IBM Watson Studio Local
CVE-2024-49340

8.8HIGH

Key Information:

Vendor: IBM
Status: Watson Studio Local
Vendor: CVE Published:; 16 October 2024

Summary

IBM Watson Studio Local version 1.2.3 contains a vulnerability that exposes the application to cross-site request forgery (CSRF) attacks. This security flaw could enable an attacker to perform unauthorized actions by exploiting the trust that the application places in the user's browser. If successfully exploited, an attacker could manipulate the functionality of the application, compromising user data and altering the application's settings without consent. Users are advised to implement appropriate security measures to mitigate the risk associated with this vulnerability.

References

https://www.ibm.com/support/pages/node/1144438

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2024