CVE-2015-7446

HIGH

IBM Flash System V9000 <7.4.1.4-7.6.0.4 - CSRF

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0074
EPSS Percentile 50.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (3)
ibm/flashsystem_v9000_firmware 7.4
ibm/flashsystem_v9000_firmware 7.5
ibm/flashsystem_v9000_firmware 7.6
Published Mar 12, 2016
Tracked Since Feb 18, 2026