CVE-2016-2884 Information
Feb 14, 2021
cve
Description
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1 in an unspecified non-default configuration allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg1LO89686 http://www-01.ibm.com/support/docview.wss?uid=swg21987252
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.0
Share on: