Vulnerability Details : CVE-2016-0348
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813.
Vulnerability category: Cross site scripting (XSS)Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2016-0348
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-0348
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
|
8.0
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
2.1
|
5.9
|
NIST |
CWE ids for CVE-2016-0348
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0348
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/111813
IBM TRIRIGA Application cross-site request forgery CVE-2016-0348 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21980237
IBM Security Bulletin: IBM TRIRIGA Application Platform Cross Site Request Forgery Vulnerability (CVE-2016-0348)Vendor Advisory
Products affected by CVE-2016-0348
- cpe:2.3:a:ibm:tririga_application_platform:3.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:3.3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:*:*:*:*:*:*:*