CVE-2016-2863

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.0HIGH

EPSS

0.1%

top 71.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Commerce

Timeline

PublishedJul 3

Latest updateMay 13

Description

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

▶NVDibm/websphere_commerce10 versions+9

🔴Vulnerability Details

GHSA

GHSA-p98q-wg7p-cp6v: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7↗2022-05-13

▶

CVEList

CVE-2016-2863: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7↗2016-07-03

▶