CVE-2016-6045
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21995754
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | tivoli_storage_manager | 6.4.1 | |
| ibm | tivoli_storage_manager | 6.4.1.1 | |
| ibm | tivoli_storage_manager | 6.4.2 | |
| ibm | tivoli_storage_manager | 6.4.2.1 | |
| ibm | tivoli_storage_manager | 6.4.2.2 | |
| ibm | tivoli_storage_manager | 6.4.2.3 | |
| ibm | tivoli_storage_manager | 6.4.2.4 | |
| ibm | tivoli_storage_manager | 7.1 | |
| ibm | tivoli_storage_manager | 7.1.0.1 | |
| ibm | tivoli_storage_manager | 7.1.0.2 | |
| ibm | tivoli_storage_manager | 7.1.1.1 | |
| ibm | tivoli_storage_manager | 7.1.1.2 | |
| ibm | tivoli_storage_manager | 7.1.3 | |
| ibm | tivoli_storage_manager | 7.1.3.1 | |
| ibm | tivoli_storage_manager | 7.1.3.2 | |
| ibm | tivoli_storage_manager | 7.1.4 | |
| ibm | tivoli_storage_manager | 7.1.4.1 | |
| ibm | tivoli_storage_manager | 7.1.4.2 | |
| ibm | tivoli_storage_manager | 7.1.7 | |
References
CWEs
CWE-352
Verify integrity in audit chain (admin only). AS-IS.