VYPR
Medium severity5.4NVD Advisory· Published Jan 3, 2016· Updated Jun 17, 2026

CVE-2015-5037

CVE-2015-5037

Description

Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected products

5
  • IBM/Connections5 versions
    cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*range: <=3.0.1.1
    • cpe:2.3:a:ibm:connections:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:connections:5.0:*:*:*:*:*:*:*
    • (no CPE)range: before 3.0.1.1 CR3 (3.x), before CR4 (4.0), before CR5 (4.5), before CR3 (5.0)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.