CVE-2013-4057
IBM InfoSphere Information Server 8.5.x-8.5 FP3, 8.7.x-8.7 FP2, 9.1.x-9.1.2.0 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
References (6)
Core 6
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66154
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21666684
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86546
Scores
EPSS
0.0069
EPSS Percentile
48.6%
Details
CWE
CWE-352
Status
published
Products (10)
ibm/infosphere_information_server
8.5
ibm/infosphere_information_server
8.5.0.1
ibm/infosphere_information_server
8.5.0.2
ibm/infosphere_information_server
8.5.0.3
ibm/infosphere_information_server
8.7
ibm/infosphere_information_server
8.7.0.1
ibm/infosphere_information_server
8.7.0.2
ibm/infosphere_information_server
9.1
ibm/infosphere_information_server
9.1.0.1
ibm/infosphere_information_server
9.1.2
Published
Mar 16, 2014
Tracked Since
Feb 18, 2026