VYPR
Unrated severityNVD Advisory· Published Jun 8, 2014· Updated Jun 17, 2026

CVE-2014-0929

CVE-2014-0929

Description

Cross-site request forgery (CSRF) vulnerability in the Profiles component in IBM Connections through 3.0.1.1 CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that trigger follow actions.

Affected products

14
  • IBM/Connections14 versions
    cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*range: <=3.0.1.1
    • cpe:2.3:a:ibm:connections:1.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:1.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:1.0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:2.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:3.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:3.0.1.0:*:*:*:*:*:*:*
    • (no CPE)range: <=3.0.1.1 CR3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.