CVE-2015-7446

CWE-352 — Cross-Site Request Forgery (CSRF)8 documents5 sources

Severity

8.8HIGH

EPSS

0.1%

top 71.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Flashsystem V9000 Firmware

Timeline

PublishedMar 12

Latest updateMay 14

Description

Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/flashsystem_v9000_firmware7.4, 7.5, 7.6+2

🔴Vulnerability Details

GHSA

GHSA-g8q2-r69c-j6r7: Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7↗2022-05-14

▶

CVEList

CVE-2015-7446: Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7↗2016-03-12

▶

OSV

linux-lts-utopic vulnerabilities↗2016-02-02

▶

OSV

linux-lts-vivid vulnerabilities↗2016-02-02

▶

OSV

linux vulnerabilities↗2016-02-02

▶

💬Community

Bugzilla

CVE-2013-7446 kernel: Unix sockets use after free - peer_wait_queue prematurely freed↗2015-11-17

▶