Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2014-09-10T10:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2014-04-29T00:00:00
Link: CVE-2014-3037
JSON object: View
NVD Information
Status : Modified
Published: 2014-09-10T10:55:07.113
Modified: 2017-08-29T01:34:36.407
Link: CVE-2014-3037
JSON object: View
Redhat Information
No data.
CWE