PT-2016-5271 · Ibm · Ibm Jazz Reporting Service
Published
2016-07-08
·
Updated
2016-11-28
·
CVE-2016-2889
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Jazz Reporting Service versions 5.x before 5.0.2 ifix016
IBM Jazz Reporting Service versions 6.0 and 6.0.1 before 6.0.1 ifix005
IBM Jazz Reporting Service version 6.0.2 before ifix002
Description
A cross-site request forgery (CSRF) issue exists in the Report Builder and Data Collection Component (DCC) of IBM Jazz Reporting Service, allowing remote authenticated users to hijack the authentication of arbitrary users.
Recommendations
For IBM Jazz Reporting Service versions 5.x before 5.0.2 ifix016, update to version 5.0.2 ifix016 or later.
For IBM Jazz Reporting Service versions 6.0 and 6.0.1 before 6.0.1 ifix005, update to version 6.0.1 ifix005 or later.
For IBM Jazz Reporting Service version 6.0.2 before ifix002, update to version 6.0.2 ifix002 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Jazz Reporting Service