High severity8.8NVD Advisory· Published Sep 26, 2016· Updated Jun 17, 2026
CVE-2016-3007
CVE-2016-3007
Description
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users.
Affected products
5cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*
- (no CPE)range: 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1
Patches
Vulnerability mechanics
References
3- www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www-01.ibm.com/support/docview.wssnvdBroken Link
- www.securityfocus.com/bid/93168nvd
News mentions
0No linked articles in our index yet.