Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Connections | <= 3.0.1.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/59046
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO79622
- http://www-01.ibm.com/support/docview.wss?uid=swg21668509Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92261
- http://secunia.com/advisories/59046
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO79622
- http://www-01.ibm.com/support/docview.wss?uid=swg21668509Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92261
FAQ
What is CVE-2014-0929?
CVE-2014-0929 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for r...
How severe is CVE-2014-0929?
CVE-2014-0929 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0929?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Connections.