Lucene search

[email protected]NVD:CVE-2014-0929

HistoryJun 08, 2014 - 11:55 p.m.

CVE-2014-0929

2014-06-0823:55:02

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

36.2%

JSON

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.

Affected configurations

Nvd

Node

ibmconnectionsRange≤3.0.1.1

ibmconnectionsMatch1.0.0.0

ibmconnectionsMatch1.0.1.0

ibmconnectionsMatch1.0.2.0

ibmconnectionsMatch2.0.0.0

ibmconnectionsMatch2.0.1.0

ibmconnectionsMatch2.0.1.1

ibmconnectionsMatch2.5.0.0

ibmconnectionsMatch2.5.0.1

ibmconnectionsMatch2.5.0.2

ibmconnectionsMatch2.5.0.3

ibmconnectionsMatch3.0.0.0

ibmconnectionsMatch3.0.1.0

VendorProductVersionCPE
ibmconnections*cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*
ibmconnections1.0.0.0cpe:2.3:a:ibm:connections:1.0.0.0:*:*:*:*:*:*:*
ibmconnections1.0.1.0cpe:2.3:a:ibm:connections:1.0.1.0:*:*:*:*:*:*:*
ibmconnections1.0.2.0cpe:2.3:a:ibm:connections:1.0.2.0:*:*:*:*:*:*:*
ibmconnections2.0.0.0cpe:2.3:a:ibm:connections:2.0.0.0:*:*:*:*:*:*:*
ibmconnections2.0.1.0cpe:2.3:a:ibm:connections:2.0.1.0:*:*:*:*:*:*:*
ibmconnections2.0.1.1cpe:2.3:a:ibm:connections:2.0.1.1:*:*:*:*:*:*:*
ibmconnections2.5.0.0cpe:2.3:a:ibm:connections:2.5.0.0:*:*:*:*:*:*:*
ibmconnections2.5.0.1cpe:2.3:a:ibm:connections:2.5.0.1:*:*:*:*:*:*:*
ibmconnections2.5.0.2cpe:2.3:a:ibm:connections:2.5.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	connections	*	cpe:2.3:a:ibm:connections::::::::
ibm	connections	1.0.0.0	cpe:2.3:a:ibm:connections:1.0.0.0:::::::*
ibm	connections	1.0.1.0	cpe:2.3:a:ibm:connections:1.0.1.0:::::::*
ibm	connections	1.0.2.0	cpe:2.3:a:ibm:connections:1.0.2.0:::::::*
ibm	connections	2.0.0.0	cpe:2.3:a:ibm:connections:2.0.0.0:::::::*
ibm	connections	2.0.1.0	cpe:2.3:a:ibm:connections:2.0.1.0:::::::*
ibm	connections	2.0.1.1	cpe:2.3:a:ibm:connections:2.0.1.1:::::::*
ibm	connections	2.5.0.0	cpe:2.3:a:ibm:connections:2.5.0.0:::::::*
ibm	connections	2.5.0.1	cpe:2.3:a:ibm:connections:2.5.0.1:::::::*
ibm	connections	2.5.0.2	cpe:2.3:a:ibm:connections:2.5.0.2:::::::*

Rows per page:

1-10 of 131

References

secunia.com/advisories/59046

www-01.ibm.com/support/docview.wss?uid=swg1LO79622

www-01.ibm.com/support/docview.wss?uid=swg21668509

exchange.xforce.ibmcloud.com/vulnerabilities/92261

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

36.2%

JSON

Related for NVD:CVE-2014-0929

cvelist1 cve1 prion1