PT-2016-5271 · Ibm · Ibm Jazz Reporting Service
Publicado
2016-07-08
·
Atualizado
2016-11-28
·
CVE-2016-2889
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Jazz Reporting Service versions 5.x before 5.0.2 ifix016
IBM Jazz Reporting Service versions 6.0 and 6.0.1 before 6.0.1 ifix005
IBM Jazz Reporting Service version 6.0.2 before ifix002
Description
A cross-site request forgery (CSRF) issue exists in the Report Builder and Data Collection Component (DCC) of IBM Jazz Reporting Service, allowing remote authenticated users to hijack the authentication of arbitrary users.
Recommendations
For IBM Jazz Reporting Service versions 5.x before 5.0.2 ifix016, update to version 5.0.2 ifix016 or later.
For IBM Jazz Reporting Service versions 6.0 and 6.0.1 before 6.0.1 ifix005, update to version 6.0.1 ifix005 or later.
For IBM Jazz Reporting Service version 6.0.2 before ifix002, update to version 6.0.2 ifix002 or later.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Jazz Reporting Service