CVE-2016-0317

MEDIUM

IBM Jazz Reporting Service <6.0.1 - CSRF

Title source: llm
STIX 2.1

Description

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21983137
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92463

Scores

CVSS v3 6.5
EPSS 0.0094
EPSS Percentile 56.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-284
Status published
Products (2)
ibm/jazz_reporting_service 6.0
ibm/jazz_reporting_service 6.0.1
Published Nov 25, 2016
Tracked Since Feb 18, 2026