CVE-2016-3004

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 77.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Connections

Timeline

PublishedNov 30

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:LExploitability: 2.1 | Impact: 2.5

Affected Packages1 packages

▶NVDibm/connections4.0.0.0, 4.5.0.0, 5.0.0.0+2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-772j-xw3h-f4ph: Cross-site request forgery (CSRF) vulnerability in IBM Connections 4↗2022-05-17

▶

CVEList

CVE-2016-3004: Cross-site request forgery (CSRF) vulnerability in IBM Connections 4↗2016-11-30

▶