CVE-2016-2965

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 64.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sametime
Timeline
PublishedAug 29
Latest updateMay 17

Description

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/sametime5 versions+4
NVDibm/sametime5 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
GHSA
GHSA-cjwf-q7x3-cr7q: IBM Sametime Meeting Server 82022-05-17
CVEList
CVE-2016-2965: IBM Sametime Meeting Server 82017-08-29
OSV
linux-lts-xenial vulnerabilities2016-05-06
CVE-2016-2965 (MEDIUM CVSS 6.5) | IBM Sametime Meeting Server 8.5.2 a | cvebase.io