First published: Mon Sep 26 2016
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
HCL Connections | =4.0.0.0 | |
HCL Connections | =4.5.0.0 | |
HCL Connections | =5.0.0.0 | |
HCL Connections | =5.5.0.0 | |
CVE-2016-3007 is classified as a medium-severity vulnerability due to its potential for cross-site request forgery (CSRF) attacks.
To fix CVE-2016-3007, apply the latest security patches provided by IBM for HCL Connections.
CVE-2016-3007 affects HCL Connections versions 4.0.0.0, 4.5.0.0, 5.0.0.0, and 5.5.0.0.
Yes, the CVE-2016-3007 vulnerability can be exploited by remote authenticated users to hijack the authentication of other users.
CVE-2016-3007 is a cross-site request forgery (CSRF) vulnerability.