CVE-2014-0961

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.0MEDIUM
EPSS
0.1%
top 70.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Identity ManagerIBM Tivoli Identity Manager
Timeline
PublishedJun 8
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

NVDibm/tivoli_identity_manager20 versions+19
NVDibm/security_identity_manager6.0.0, 6.0.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-wvj5-m492-v978: Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 52022-05-17
CVEList
CVE-2014-0961: Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 52014-06-08
CVE-2014-0961 (MEDIUM CVSS 6) | Cross-site request forgery (CSRF) v | cvebase.io