CSRF in Ibm Jazz_reporting_service
CVE-2016-2889
Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows rem…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.001 (28.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Ibm Jazz_reporting_service — versions 5.0, 5.0.1, 5.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 91766 (vdb-entry, x_refsource_BID)
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-2889?
- CVE-2016-2889 is a high-severity vulnerability in Ibm Jazz_reporting_service, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2016-07-08.
- How severe is CVE-2016-2889?
- High severity. CVSS v3 base score is 8.8 out of 10.