CVE-2012-3309

IBM InfoSphere Guardium < 8.2 - Cross-Site Request Forgery in Account Creation Panel

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21609223
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77745
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027455
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/PT-2012-15
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/

Scores

EPSS 0.0064
EPSS Percentile 46.5%

Details

CWE
CWE-352
Status published
Products (3)
ibm/infosphere_guardium 8.00
ibm/infosphere_guardium 8.01
ibm/infosphere_guardium < 8.2
Published Aug 29, 2012
Tracked Since Feb 18, 2026