CVE-2013-4000 — Cross-Site Request Forgery in IBM Cognos Command Center

CWE-352 — Cross-Site Request Forgery CWE-399 CWE-2556 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 71.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cognos Command Center

Timeline

PublishedDec 14

Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/cognos_command_center10.1+1

🔴Vulnerability Details

GHSA

GHSA-6hg5-jqvr-2wj8: Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10↗2022-05-17

▶

Kernel

pipe: limit the per-user amount of pages allocated in pipes↗2016-01-18

▶

CVEList

CVE-2013-4000: Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10↗2013-12-14

▶

📋Vendor Advisories

Cisco

Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability↗2013-11-13

▶

Cisco

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability↗2013-10-15

▶