CVE-2016-2863

EUVD-2016-3936
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_commerce
7.0:feature_pack_8
ibmwebsphere_commerce
8.0.0.0
ibmwebsphere_commerce
8.0.0.1
ibmwebsphere_commerce
8.0.0.2
ibmwebsphere_commerce
8.0.0.3
ibmwebsphere_commerce
8.0.0.5
ibmwebsphere_commerce
8.0.0.6
ibmwebsphere_commerce
8.0.0.7
ibmwebsphere_commerce
8.0.0.8
ibmwebsphere_commerce
8.0.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776
http://www-01.ibm.com/support/docview.wss?uid=swg21983626
http://www.securityfocus.com/bid/91544
http://www.securitytracker.com/id/1036219
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776
http://www-01.ibm.com/support/docview.wss?uid=swg21983626
http://www.securityfocus.com/bid/91544
http://www.securitytracker.com/id/1036219