CVE-2015-7465
HIGH EXPLOITED IN THE WILD RANSOMWAREIBM Jazz Reporting Service <6.0.0-Rational-CLM-ifix005 - CSRF
Title source: llmExploitation Summary
CVE-2015-7465 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.
Description
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21972484
Scores
CVSS v3
8.8
EPSS
0.0055
EPSS Percentile
42.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2022-01-26
InTheWild.io
2022-05-25
Ransomware Use
Confirmed
CWE
CWE-352
Status
published
Products (1)
ibm/jazz_reporting_service
6.0
Published
Jan 10, 2016
Tracked Since
Feb 18, 2026