Cross site request forgery (csrf)

2012-10-0810:47:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.4%

JSON

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.

CPENameOperatorVersion
lotus_notes_travelereq8.5.0.0
lotus_notes_travelereq8.5.2.1
lotus_notes_travelereq8.5.0.2
lotus_notes_travelereq8.5.1.3
lotus_notes_travelereq8.5.3.1
lotus_notes_travelereq8.5.3
lotus_notes_travelereq8.5.0.1
lotus_notes_travelereq8.5.1.2
lotus_notes_travelereq8.5.3.3 interimfix1
lotus_notes_travelereq8.5.3.2

Name	Operator	Version
lotus_notes_traveler	eq	8.5.0.0
lotus_notes_traveler	eq	8.5.2.1
lotus_notes_traveler	eq	8.5.0.2
lotus_notes_traveler	eq	8.5.1.3
lotus_notes_traveler	eq	8.5.3.1
lotus_notes_traveler	eq	8.5.3
lotus_notes_traveler	eq	8.5.0.1
lotus_notes_traveler	eq	8.5.1.2
lotus_notes_traveler	eq	8.5.3.3 interimfix1
lotus_notes_traveler	eq	8.5.3.2