Skip to main content

Jazz For Service Management CVE-2017-1631

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2017-12-20 psirt@us.ibm.com
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 20, 2017 - 18:29 cve.org
HIGH 8.8

DescriptionCVE.org

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.

AnalysisAI

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. Affected products include: Ibm Jazz For Service Management.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2017-1746 HIGH
8.8 Dec 20

IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could al

CVE-2021-29831 HIGH
8.1 Sep 21

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Inje

CVE-2019-4193 HIGH
7.5 Jul 11

IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive information in URL parameters. Rated high severity (C

CVE-2021-29816 MEDIUM
6.5 Sep 23

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site request forgery

CVE-2024-52892 MEDIUM
6.1 Feb 06

IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. Rated medium severity (CVS

CVE-2019-4186 MEDIUM
6.1 Sep 05

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host

CVE-2019-4201 MEDIUM
6.1 Jun 06

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, u

CVE-2021-29904 MEDIUM
5.5 Sep 23

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear tex

CVE-2019-4275 MEDIUM
5.5 Aug 02

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique cata

CVE-2022-35722 MEDIUM
5.4 Sep 28

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vul

CVE-2022-35721 MEDIUM
5.4 Sep 23

IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), th

CVE-2021-38877 MEDIUM
5.4 Sep 23

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4),

Share

CVE-2017-1631 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy