CVE-2014-0933 — Cross-Site Request Forgery in IBM Infosphere Information Server Metadata Workbench

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 70.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Information Server Metadata Workbench

Timeline

PublishedMay 16

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/infosphere_information13 versions+12

🔴Vulnerability Details

GHSA

GHSA-8qrw-cf25-jhqc: Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8↗2022-05-17

▶

CVEList

CVE-2014-0933: Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8↗2014-05-16

▶