Security Bulletin: PrototypeJS shipped with IBM Tivoli Business Service Manager is vulnerable to cross-site request forgery (CVE-2008-7220)

2024-09-17 20:19:41
www.ibm.com

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

| Metric | Value |
| --- | --- |
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

AI Score: 6.1 (Confidence: Low)

Summary

PrototypeJS is shipped as part of the front-end component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting PrototypeJS has been published in a security bulletin.

Vulnerability Details

**CVEID:** CVE-2008-7220
**DESCRIPTION:** An unspecified error in the Prototype JavaScript framework (prototypejs), as used in multiple products, could allow a remote attacker to conduct cross-site ajax requests using unknown attack vectors. Note: This vulnerability affects the AJAX-based manager interface, ajamdemo.html, in certain versions of Asterisk.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/53652 for the current score.
CVSS Vector:

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Tivoli Business Service Manager | 6.2.0 - 6.2.0.5 |

Remediation/Fixes

| Product | VRMF | APAR | Remediation |
| --- | --- | --- | --- |
| IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.5 | 6.2.0.5 IF5 | DT391605 | Upgrade to IBM Tivoli Business Service Manager 6.2.0.5 IF5 |

Workarounds and Mitigations

None

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | tivoli_business_service_manager | 6.2.0 | cpe:2.3:a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:* |
