CVE-2015-7465

HIGH EXPLOITED IN THE WILD RANSOMWARE

IBM Jazz Reporting Service <6.0.0-Rational-CLM-ifix005 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-7465 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns.

Description

Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21972484

Scores

CVSS v3 8.8
EPSS 0.0055
EPSS Percentile 42.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-01-26
InTheWild.io 2022-05-25
Ransomware Use Confirmed
CWE
CWE-352
Status published
Products (1)
ibm/jazz_reporting_service 6.0
Published Jan 10, 2016
Tracked Since Feb 18, 2026