CVE-2013-4057

IBM InfoSphere Information Server 8.5.x-8.5 FP3, 8.7.x-8.7 FP2, 9.1.x-9.1.2.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.

References (6)

Core 6
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66154
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21666684
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86546

Scores

EPSS 0.0069
EPSS Percentile 48.6%

Details

CWE
CWE-352
Status published
Products (10)
ibm/infosphere_information_server 8.5
ibm/infosphere_information_server 8.5.0.1
ibm/infosphere_information_server 8.5.0.2
ibm/infosphere_information_server 8.5.0.3
ibm/infosphere_information_server 8.7
ibm/infosphere_information_server 8.7.0.1
ibm/infosphere_information_server 8.7.0.2
ibm/infosphere_information_server 9.1
ibm/infosphere_information_server 9.1.0.1
ibm/infosphere_information_server 9.1.2
Published Mar 16, 2014
Tracked Since Feb 18, 2026