CVE-2016-2998

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
ibmconnections
4.0.0.0
ibmconnections
4.5.0.0
ibmconnections
5.0.0.0
ibmconnections
5.5.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929
http://www-01.ibm.com/support/docview.wss?uid=swg21988991
http://www.securityfocus.com/bid/92578
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89929
http://www-01.ibm.com/support/docview.wss?uid=swg21988991
http://www.securityfocus.com/bid/92578