VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jun 8, 2014· Updated May 6, 2026

CVE-2014-0929

CVE-2014-0929

Description

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.

Affected products

13
  • IBM/Connections13 versions
    cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*range: <=3.0.1.1
    • cpe:2.3:a:ibm:connections:1.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:1.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:1.0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:3.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:3.0.1.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.