Cross-site request forgery in Sametime - CVE-2016-0355
Published: August 28, 2017
Vulnerability identifier: #VU8019
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0355
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Sametime
Sametime
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to perform CSRF attack.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and cause the screen sharing to cease.
The weakness exists due to improper input validation. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and cause the screen sharing to cease.
How to mitigate CVE-2016-0355
Update to version 9.0.1 FP1.