Lucene search

IbmCVE-2012-5950

HistoryApr 23, 2013 - 11:47 a.m.

CVE-2012-5950

2013-04-2311:47:35

CWE-352

ibm

web.nvd.nist.gov

ibm

tririga

application platform

csrf

vulnerability

authentication hijacking

data records

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

39.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users for requests that modify data records via vectors involving (1) the html/en/default/ directory or (2) sqa/html/en/default/process/comm/saveProps.jsp.

Affected configurations

Nvd

Node

ibmtririga_application_platformMatch2.1

ibmtririga_application_platformMatch2.5

ibmtririga_application_platformMatch2.6

ibmtririga_application_platformMatch2.7

ibmtririga_application_platformMatch3.0

ibmtririga_application_platformMatch3.1

ibmtririga_application_platformMatch3.2

ibmtririga_application_platformMatch3.2.1

ibmtririga_application_platformMatch8.0

VendorProductVersionCPE
ibmtririga_application_platform2.1cpe:2.3:a:ibm:tririga_application_platform:2.1:*:*:*:*:*:*:*
ibmtririga_application_platform2.5cpe:2.3:a:ibm:tririga_application_platform:2.5:*:*:*:*:*:*:*
ibmtririga_application_platform2.6cpe:2.3:a:ibm:tririga_application_platform:2.6:*:*:*:*:*:*:*
ibmtririga_application_platform2.7cpe:2.3:a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
ibmtririga_application_platform3.0cpe:2.3:a:ibm:tririga_application_platform:3.0:*:*:*:*:*:*:*
ibmtririga_application_platform3.1cpe:2.3:a:ibm:tririga_application_platform:3.1:*:*:*:*:*:*:*
ibmtririga_application_platform3.2cpe:2.3:a:ibm:tririga_application_platform:3.2:*:*:*:*:*:*:*
ibmtririga_application_platform3.2.1cpe:2.3:a:ibm:tririga_application_platform:3.2.1:*:*:*:*:*:*:*
ibmtririga_application_platform8.0cpe:2.3:a:ibm:tririga_application_platform:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tririga_application_platform	2.1	cpe:2.3:a:ibm:tririga_application_platform:2.1:::::::*
ibm	tririga_application_platform	2.5	cpe:2.3:a:ibm:tririga_application_platform:2.5:::::::*
ibm	tririga_application_platform	2.6	cpe:2.3:a:ibm:tririga_application_platform:2.6:::::::*
ibm	tririga_application_platform	2.7	cpe:2.3:a:ibm:tririga_application_platform:2.7:::::::*
ibm	tririga_application_platform	3.0	cpe:2.3:a:ibm:tririga_application_platform:3.0:::::::*
ibm	tririga_application_platform	3.1	cpe:2.3:a:ibm:tririga_application_platform:3.1:::::::*
ibm	tririga_application_platform	3.2	cpe:2.3:a:ibm:tririga_application_platform:3.2:::::::*
ibm	tririga_application_platform	3.2.1	cpe:2.3:a:ibm:tririga_application_platform:3.2.1:::::::*
ibm	tririga_application_platform	8.0	cpe:2.3:a:ibm:tririga_application_platform:8.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21628849

exchange.xforce.ibmcloud.com/vulnerabilities/80630

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

39.2%

JSON

Related for CVE-2012-5950