CVE-2013-6309
IBM Marketing Platform 9.1 - Authenticated Session Hijacking via Link Injection
Title source: llmDescription
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676688
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88559
Scores
EPSS
0.0095
EPSS Percentile
56.7%
Details
CWE
CWE-94
Status
published
Products (2)
ibm/marketing_platform
9.1.0.0
ibm/marketing_platform
9.1.0.1
Published
Jun 28, 2014
Tracked Since
Feb 18, 2026