admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-12 02:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2016/CVE-2016-02xx/CVE-2016-0295.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

147 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2016-0295",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2018-02-28T17:29:00.580",
"lastModified": "2024-11-21T02:41:26.617",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en IBM BigFix Platform 9.0, 9.1, 9.2 y versiones 9.5 anteriores a la 9.5.2 permite que atacantes remotos secuestren la autenticaci\u00f3n de usuarios arbitrarios para peticiones que inserten secuencias XSS. IBM X-Force ID: 111363."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"baseScore": 6.8,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:bigfix_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5",
"versionEndExcluding": "9.5.2",
"matchCriteriaId": "3B745FF0-125D-4153-B3C5-854CD342291E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66D8FA27-E35E-41E8-A5C8-14761E47CE10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF3A293-36B6-41F3-87CE-EC2D89F212B1"
}
]
}
]
}
],
"references": [
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985830",
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111363",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985830",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111363",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink