ByteOS Network

NVD Vulnerability Details :

CVE-2016-3004

Deferred

Source-psirt@us.ibm.com

Published At-30 Nov, 2016 | 11:59

Updated At-12 Apr, 2025 | 10:46

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.6	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Primary	2.0	4.9	MEDIUM	AV:N/AC:M/Au:S/C:N/I:P/A:P

Type: Primary

Version: 3.0

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Type: Primary

Version: 2.0

Base score: 4.9

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:S/C:N/I:P/A:P

CPE Matches

IBM Corporation

>>connections>>4.0.0.0

cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*

IBM Corporation

>>connections>>4.5.0.0

cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*

IBM Corporation

>>connections>>5.0.0.0

cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	nvd@nist.gov

CWE ID: CWE-352

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039	psirt@us.ibm.com	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990864	psirt@us.ibm.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/94332	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990864	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/bid/94332	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry