Cross site request forgery (csrf)

2017-02-0120:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

19.1%

JSON

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.

CPENameOperatorVersion
security_access_manager_9.0_firmwareeq9.0.0
security_access_manager_9.0_firmwareeq9.0.0.1
security_access_manager_9.0_firmwareeq9.0.1.0
security_access_manager_for_mobile_8.0_firmwareeq8.0.0.1
security_access_manager_for_mobile_8.0_firmwareeq8.0.0.2
security_access_manager_for_mobile_8.0_firmwareeq8.0.0.3
security_access_manager_for_mobile_8.0_firmwareeq8.0.0.5
security_access_manager_for_mobile_8.0_firmwareeq8.0.1.0
security_access_manager_for_mobile_8.0_firmwareeq8.0.1.2
security_access_manager_for_mobile_8.0_firmwareeq8.0.1.3

Name	Operator	Version
security_access_manager_9.0_firmware	eq	9.0.0
security_access_manager_9.0_firmware	eq	9.0.0.1
security_access_manager_9.0_firmware	eq	9.0.1.0
security_access_manager_for_mobile_8.0_firmware	eq	8.0.0.1
security_access_manager_for_mobile_8.0_firmware	eq	8.0.0.2
security_access_manager_for_mobile_8.0_firmware	eq	8.0.0.3
security_access_manager_for_mobile_8.0_firmware	eq	8.0.0.5
security_access_manager_for_mobile_8.0_firmware	eq	8.0.1.0
security_access_manager_for_mobile_8.0_firmware	eq	8.0.1.2
security_access_manager_for_mobile_8.0_firmware	eq	8.0.1.3