Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Sametime Proxy Server And Web Client | 9.0.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21673260Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93026
- http://www-01.ibm.com/support/docview.wss?uid=swg21673260Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93026
FAQ
What is CVE-2014-3015?
CVE-2014-3015 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Web player in IBM Sametime Proxy Server and Web Client 9.0 through 9.0.0.1 allows remote attackers to hijack the authentication of arbitrary user...
How severe is CVE-2014-3015?
CVE-2014-3015 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3015?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Sametime Proxy Server And Web Client.