CVE-2024-31902Cross-Site Request Forgery in IBM Infosphere Information Server

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
CNA4.3
EPSS
0.1%
top 66.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Infosphere Information Server
Timeline
PublishedJun 30

Description

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-rfrp-hqmx-gff6: IBM InfoSphere Information Server 112024-06-30
CVEList
IBM InfoSphere Information Server cross-site request forgery2024-06-30
CVE-2024-31902 — Cross-Site Request Forgery in IBM | cvebase