CVE-2016-6100

IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000771.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
ibmdisposal_and_governance_management_for_it
6.0
ibmdisposal_and_governance_management_for_it
6.0.1.0
ibmdisposal_and_governance_management_for_it
6.0.1.1
ibmdisposal_and_governance_management_for_it
6.0.1.2
ibmdisposal_and_governance_management_for_it
6.0.1.3
ibmdisposal_and_governance_management_for_it
6.0.1.4
ibmdisposal_and_governance_management_for_it
6.0.1.5
ibmdisposal_and_governance_management_for_it
6.0.1.6
ibmdisposal_and_governance_management_for_it
6.0.1.7
ibmdisposal_and_governance_management_for_it
6.0.2
ibmdisposal_and_governance_management_for_it
6.0.3
ibmdisposal_and_governance_management_for_it
6.0.3.1
ibmdisposal_and_governance_management_for_it
6.0.3.2
ibmdisposal_and_governance_management_for_it
6.0.3.3
ibmdisposal_and_governance_management_for_it
6.0.3.4
ibmglobal_retention_policy_and_schedule_management
6.0
ibmglobal_retention_policy_and_schedule_management
6.0.1.0
ibmglobal_retention_policy_and_schedule_management
6.0.1.1
ibmglobal_retention_policy_and_schedule_management
6.0.1.2
ibmglobal_retention_policy_and_schedule_management
6.0.1.3
ibmglobal_retention_policy_and_schedule_management
6.0.1.4
ibmglobal_retention_policy_and_schedule_management
6.0.1.5
ibmglobal_retention_policy_and_schedule_management
6.0.1.6
ibmglobal_retention_policy_and_schedule_management
6.0.1.7
ibmglobal_retention_policy_and_schedule_management
6.0.2
ibmglobal_retention_policy_and_schedule_management
6.0.3
ibmglobal_retention_policy_and_schedule_management
6.0.3.1
ibmglobal_retention_policy_and_schedule_management
6.0.3.2
ibmglobal_retention_policy_and_schedule_management
6.0.3.3
ibmglobal_retention_policy_and_schedule_management
6.0.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg22000771
http://www.securityfocus.com/bid/97326
http://www.ibm.com/support/docview.wss?uid=swg22000771
http://www.securityfocus.com/bid/97326