2 matches found
CVE-2021-20403
The Connected documents confirm a CSRF vulnerability in IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7, allowing an attacker to perform malicious/unauthorized actions on behalf of a trusted user. The IBM bulletin notes older browser support affects CSRF protections (SameSit...
Security Bulletin: IBM Security Verify Information Queue still supports older browsers that don't enforce CSRF token protections (CVE-2021-20403)
Summary The IBM Security Verify Information Queue ISIQ web application protects against cross-site request forgery CSRF attacks by using the SameSite cookie attribute. However, ISIQ's web browser requirements are not current enough to ensure that this cookie attribute gets consistently used. As o...