CVE-2016-2889

HIGH

IBM Jazz Reporting Service CSRF (5.x < 5.0.2 ifix016, 6.0-6.0.1 < 6.0.1 ifix005, 6.0.2 < ifix002)

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91766
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21983147

Scores

CVSS v3 8.8
EPSS 0.0054
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (6)
ibm/jazz_reporting_service 5.0
ibm/jazz_reporting_service 5.0.1
ibm/jazz_reporting_service 5.0.2
ibm/jazz_reporting_service 6.0
ibm/jazz_reporting_service 6.0.1
ibm/jazz_reporting_service 6.0.2
Published Jul 08, 2016
Tracked Since Feb 18, 2026