CVE-2015-5007

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 70.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedJan 15
Latest updateMay 24

Description

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDibm/websphere_commerce22 versions+21

🔴Vulnerability Details

2
GHSA
GHSA-m58c-hm9q-fwxq: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 62022-05-24
CVEList
CVE-2015-5007: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 62016-01-15
CVE-2015-5007 (HIGH CVSS 8.8) | Cross-site request forgery (CSRF) v | cvebase.io