CVE-2016-2884

Published on: 11/30/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Certain versions of Forms Experience Builder from IBM contain the following vulnerability:

Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

  • CVE-2016-2884 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 6 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVE References

  • CONFIRM: www-01.ibm.com/support/docview.wss?uid=swg21987252
    Description: IBM Security Bulletin: IBM Forms Experience Builder vulnerable to CSRF when configured with non default settings (CVE-2016-2884) - United States
    Tags: Patch, Vendor Advisory
    Source: www-01.ibm.com (text/html)
  • AIXAPAR: LO89686
    Description: IBM notice: The page you requested cannot be displayed
    Tags: Not Applicable
    Source: www-01.ibm.com (text/html); inactive link, not archived

Known Affected Configurations (CPE V2.3)

Type         Vendor  Product                   Version  Update  Edition  Language
Application  IBM     Forms Experience Builder  8.5.0.0  All     All      All
Application  IBM     Forms Experience Builder  8.5.1.0  All     All      All
Application  IBM     Forms Experience Builder  8.5.1.1  All     All      All
Application  IBM     Forms Experience Builder  8.6.0.0  All     All      All
Application  IBM     Forms Experience Builder  8.6.1    All     All      All
Application  IBM     Forms Experience Builder  8.6.1.1  All     All      All
Application  IBM     Forms Experience Builder  8.6.2    All     All      All
Application  IBM     Forms Experience Builder  8.6.2.1  All     All      All
Application  IBM     Forms Experience Builder  8.6.3    All     All      All
  • cpe:2.3:a:ibm:forms_experience_builder:8.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:forms_experience_builder:8.6.3:*:*:*:*:*:*:*