CVE-2016-3007

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
ibmconnections
4.0.0.0
ibmconnections
4.5.0.0
ibmconnections
5.0.0.0
ibmconnections
5.5.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962
http://www.securityfocus.com/bid/93168
https://www-01.ibm.com/support/docview.wss?uid=swg21989067
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89962
http://www.securityfocus.com/bid/93168
https://www-01.ibm.com/support/docview.wss?uid=swg21989067