CSRF in Ibm Cognos_express

CVE-2013-5443

Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to hijack the authentication of arbitrary users.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (27.8th percentile) — read the EPSS interpretation.

Affected products

Ibm Cognos_express — versions 9.0, 9.5, 10.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

ibm-cognos-cve20135443-csrf(87819) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)