PT-2016-3788 · IBM · IBM Jazz Reporting Service
Published 2016-01-10 · Updated 2016-01-12 · CVE-2015-7465
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IBM Jazz Reporting Service (JRS) version 6.0 before 6.0.0-Rational-CLM-ifix005
Description
A cross-site request forgery (CSRF) issue in the Lifecycle Query Engine (LQE) of IBM Jazz Reporting Service (JRS) allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Recommendations
For IBM Jazz Reporting Service (JRS) version 6.0 before 6.0.0-Rational-CLM-ifix005, update to version 6.0.0-Rational-CLM-ifix005 or later to resolve the issue. As a temporary workaround, consider restricting access to the LQE component to minimize the risk of exploitation.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
IBM Jazz Reporting Service