Lucene search

[email protected]CVE-2016-2863

HistoryJul 03, 2016 - 9:59 p.m.

CVE-2016-2863

2016-07-0321:59:12

CWE-352

[email protected]

web.nvd.nist.gov

ibm

websphere commerce

csrf

vulnerability

nvd

xss

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

NVD

Node

ibmwebsphere_commerceMatch7.0feature_pack_8

ibmwebsphere_commerceMatch8.0.0.0

ibmwebsphere_commerceMatch8.0.0.1

ibmwebsphere_commerceMatch8.0.0.2

ibmwebsphere_commerceMatch8.0.0.3

ibmwebsphere_commerceMatch8.0.0.5

ibmwebsphere_commerceMatch8.0.0.6

ibmwebsphere_commerceMatch8.0.0.7

ibmwebsphere_commerceMatch8.0.0.8

ibmwebsphere_commerceMatch8.0.0.9

CPENameOperatorVersion
ibm:websphere_commerceibm websphere commerceeq7.0
ibm:websphere_commerceibm websphere commerceeq8.0.0.0
ibm:websphere_commerceibm websphere commerceeq8.0.0.1
ibm:websphere_commerceibm websphere commerceeq8.0.0.2
ibm:websphere_commerceibm websphere commerceeq8.0.0.3
ibm:websphere_commerceibm websphere commerceeq8.0.0.5
ibm:websphere_commerceibm websphere commerceeq8.0.0.6
ibm:websphere_commerceibm websphere commerceeq8.0.0.7
ibm:websphere_commerceibm websphere commerceeq8.0.0.8
ibm:websphere_commerceibm websphere commerceeq8.0.0.9

CPE	Name	Operator	Version
ibm:websphere_commerce	ibm websphere commerce	eq	7.0
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.0
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.1
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.2
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.3
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.5
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.6
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.7
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.8
ibm:websphere_commerce	ibm websphere commerce	eq	8.0.0.9

References

www-01.ibm.com/support/docview.wss?uid=swg1JR55776

www-01.ibm.com/support/docview.wss?uid=swg21983626

www.securityfocus.com/bid/91544

www.securitytracker.com/id/1036219

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.3%

JSON

Related for CVE-2016-2863

nvd1 prion1 cvelist1