The “notice confirmation” functionality in IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite, is impacted by a vulnerability that allows cross-site request forgery. Both products have addressed this vulnerability.
CVEID: CVE-2016-6100
DESCRIPTION: IBM Disposal and Governance Management for IT is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118256 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
IBM Disposal and Governance Management for IT v6.0 - 6.0.2
IBM Global Retention Policy and Schedule Management v6.0 - 6.0.2
IBM Disposal and Governance Management for IT v6.0.3 - 6.0.3.4
IBM Global Retention Policy and Schedule Management v6.0.3 - 6.0.3.4

| Fix | VRMF | APAR | How to acquire fix |
|---|---|---|---|
| IBM Disposal and Governance Management for IT | 6.0 - 6.0.2 | None | See Workarounds and Mitigations section |
| IBM Global Retention Policy and Schedule Management | 6.0 - 6.0.2 | None | See Workarounds and Mitigations section |
| IBM Disposal and Governance Management for IT | 6.0.3 - 6.0.3.4 | None | Contact support to verify your release to obtain the fix |
| IBM Global Retention Policy and Schedule Management | 6.0.3 - 6.0.3.4 | None | Contact support to verify your release to obtain the fix |

IBM Disposal and Governance Management for IT v6.0 - 6.0.2 - Upgrade to v6.0.3 and contact support for the fix
IBM Global Retention Policy and Schedule Management v6.0 - 6.0.2 - Upgrade to v6.0.3 and contact support for the fix

CPE

| Name | Operator | Version |
|---|---|---|
| atlas policy suite | eq | 6.0.3.4 |
| atlas policy suite | eq | 6.0.3.3 |
| atlas policy suite | eq | 6.0.3.1 |
| atlas policy suite | eq | 6.0.3 |