CVE-2014-3037 Information

Description

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1 Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1 and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Reference

http://secunia.com/advisories/60649 http://secunia.com/advisories/61071 http://www.securityfocus.com/bid/69658 http://www-01.ibm.com/support/docview.wss?uid=swg21682120 https://exchange.xforce.ibmcloud.com/vulnerabilities/93303