Security Bulletin: IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management vulnerable to cross-site request forgery (CSRF)

2018-06-17 12:17:56
www.ibm.com

EPSS: 0.001 (Low), Percentile: 31.0%

Summary

The “notice confirmation” functionality in IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite, is impacted by a vulnerability that allows cross-site request forgery. Both products have addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2016-6100
DESCRIPTION: IBM Disposal and Governance Management for IT is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118256 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Disposal and Governance Management for IT v6.0 - 6.0.2
IBM Global Retention Policy and Schedule Management v6.0 - 6.0.2
IBM Disposal and Governance Management for IT v6.0.3 - 6.0.3.4
IBM Global Retention Policy and Schedule Management v6.0.3 - 6.0.3.4

Remediation/Fixes

| Fix* | VRMF | APAR | How to acquire fix |
|---|---|---|---|
| IBM Disposal and Governance Management for IT | 6.0 - 6.0.2 | None | See Workarounds and Mitigations section |
| IBM Global Retention Policy and Schedule Management | 6.0 - 6.0.2 | None | See Workarounds and Mitigations section |
| IBM Disposal and Governance Management for IT | 6.0.3 - 6.0.3.4 | None | Contact support to verify your release to obtain the fix |
| IBM Global Retention Policy and Schedule Management | 6.0.3 - 6.0.3.4 | None | Contact support to verify your release to obtain the fix |

Workarounds and Mitigations

IBM Disposal and Governance Management for IT v6.0 - 6.0.2: Upgrade to v6.0.3 and contact support for the fix
IBM Global Retention Policy and Schedule Management v6.0 - 6.0.2: Upgrade to v6.0.3 and contact support for the fix
