{ "id": "CVE-2015-7446", "sourceIdentifier": "psirt@us.ibm.com", "published": "2016-03-12T15:59:00.150", "lastModified": "2018-10-17T18:47:12.877", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en IBM Flash System V9000 7.4 en versiones anteriores a 7.4.1.4, 7.5 en versiones anteriores a 7.5.1.3 y 7.6 en versiones anteriores a 7.6.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios por peticiones que insertan secuencias XSS." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-352" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "AEB7FCA5-3B8C-4719-8BDB-5F2D60F0587A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7373F0A-1417-4840-B408-34F45728CD51" }, { "vulnerable": true, "criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E6691B38-0A7B-463F-A1C8-9CA37FD3E0F5" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8CC9EB5-07BE-4469-AAA5-CD45E757920F" }, { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6915102E-4450-4A3A-9B81-670B02E7BDEC" }, { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E677E8A2-A1A1-4FAC-8B3A-77882CB8C1DD" }, { "vulnerable": false, "criteria": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD5C253A-086B-4ADB-AFBF-74BFAA696AA2" } ] } ] } ], "references": [ { "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570", "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ] } ] }