PT-2016-3760 · Ibm · Lotus Mashups+1

Published

2016-01-02

Updated

2016-11-28

CVE-2015-7407

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Mashup Center version 3.0.0.1

Description A cross-site request forgery (CSRF) issue in Lotus Mashups allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Recommendations For IBM Mashup Center version 3.0.0.1, consider implementing anti-CSRF measures, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive operations that can insert XSS sequences until a patch is available.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2015-7407

Affected Products

Ibm Mashup Center

Lotus Mashups

PT-2016-3760 · Ibm · Lotus Mashups+1

CVE-2015-7407

Weakness Enumeration

Related Identifiers

Affected Products

References · 4