Jun 16, 2018 - 9:24 p.m.

Security Bulletin: IBM Security Network Protection contains a Cross-Site Request Forgery vulnerability.

www.ibm.com
EPSS: 0.001 (Percentile: 47.7%)

Summary

IBM Security Network Protection is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Vulnerability Details

CVEID: CVE-2014-6198
DESCRIPTION: IBM Security Network Protection is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98610 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Products and Versions

IBM Security Network Protection 5.3

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
IBM Security Network Protection | Firmware version 5.3 | Install Fixpack 5.3.1 from the Available Updates page of the local management interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

None
