CVE-2012-0748 — Cross-Site Request Forgery in IBM Rational Team Concert

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 68.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Team Concert

Timeline

PublishedOct 1

Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/rational_team_concert4.0

🔴Vulnerability Details

GHSA

GHSA-2v6j-6m6r-28qj: Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4↗2022-05-17

▶

CVEList

CVE-2012-0748: Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4↗2012-10-01

▶

💬Community

Bugzilla

CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored↗2012-06-12

▶