First published: Sat Dec 14 2013
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cognos Command Center | <=10.1 | |
IBM Cognos Command Center | =10.0 | |
CVE-2013-4000 is classified as a high severity vulnerability due to its potential for unauthorized access and control over IBM Cognos Command Center services.
To fix CVE-2013-4000, you should upgrade IBM Cognos Command Center to version 10.2 or later, which addresses the multiple CSRF vulnerabilities.
Users of IBM Cognos Command Center versions before 10.2, specifically version 10.0 and versions up to and including 10.1, are affected by CVE-2013-4000.
Exploiting CVE-2013-4000 allows remote attackers to hijack the authentication of administrators, potentially allowing the attackers to start or stop services without authorization.
CVE-2013-4000 is associated with cross-site request forgery (CSRF) attacks that target administrative functionalities in IBM Cognos Command Center.