CVE-2015-5037 — Cross-Site Request Forgery in IBM Connections

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 86.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Connections

Timeline

PublishedJan 3

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDibm/connections3.0.1.1+3

🔴Vulnerability Details

GHSA

GHSA-53rh-rx6m-mrw6: Cross-site request forgery (CSRF) vulnerability in IBM Connections 3↗2022-05-17

▶

CVEList

CVE-2015-5037: Cross-site request forgery (CSRF) vulnerability in IBM Connections 3↗2016-01-03

▶