What is CVE-2016-2878?

CVE-2016-2878 is a high-severity vulnerability in Ibm Qradar_security_information_and_event_manager, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.0/10. Published 2016-11-30.

How severe is CVE-2016-2878?

High severity. CVSS v3 base score is 8.0 out of 10.

CSRF in Ibm Qradar_security_information_and_event_manager

CVE-2016-2878

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (26.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Ibm Qradar_security_information_and_event_manager — versions 7.1.0, 7.2.0, 7.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
95004 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-2878?: CVE-2016-2878 is a high-severity vulnerability in Ibm Qradar_security_information_and_event_manager, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.0/10. Published 2016-11-30.
How severe is CVE-2016-2878?: High severity. CVSS v3 base score is 8.0 out of 10.