First published: Wed Nov 30 2016(Updated: )
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Forms Experience Builder | =8.5.0.0 | |
IBM Forms Experience Builder | =8.5.1.0 | |
IBM Forms Experience Builder | =8.5.1.1 | |
IBM Forms Experience Builder | =8.6.0.0 | |
IBM Forms Experience Builder | =8.6.1 | |
IBM Forms Experience Builder | =8.6.1.1 | |
IBM Forms Experience Builder | =8.6.2 | |
IBM Forms Experience Builder | =8.6.2.1 | |
IBM Forms Experience Builder | =8.6.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.