IBMF8151F6C230970B72C010AA4ECFC4475006234081860353C295D69970222580BSecurity Bulletin: Cross-Site Request Forgery (CSRF) vulnerability identified with Jazz for Service Management (JazzSM) v1.1.3 (CVE-2017-1746)
0.001 Low
EPSS
Percentile
26.3%
Summary
IBM Jazz for Service Management is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Vulnerability Details
CVEID: CVE-2017-1746**
DESCRIPTION:** IBM Jazz for Service Management is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135519 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Products and Versions
Jazz for Service Management version 1.1.3
Remediation/Fixes
Principal Product and Version(s)
| Cumulative Patch Level
—|—
Jazz for Service Management version 1.1.3| Cross-Site Request Forgery (CSRF) vulnerability addressed with JazzSM 1.1.3 Cumulative Patch level 5
1.1.3.0-TIV-JazzSM-DASH-Cumulative-Patch-0005
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli components | eq | 1.1.3 |
Related
0.001 Low
EPSS
Percentile
26.3%