Vulnerability Name: | CVE-2012-0748 (CCN-74736)
Assigned: | 2012-09-28
Published: | 2012-09-28
Updated: | 2017-08-29
Summary: | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: | CWE-352
Vulnerability Consequences: | Gain Access
References: | Source: MITRE Type: CNA CVE-2012-0748
Source: CCN Type: SA50789 IBM Rational Team Concert Cross-Site Request Forgery
Source: SECUNIA Type: UNKNOWN 50789
Source: CCN Type: IBM Security Bulletin 1612356 Vulnerability in Rational Team Concert 4.0 with potential for Cross Site Request Forgery (CVE-2012-0748)
Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21612356
Source: CCN Type: OSVDB ID: 85865 IBM Rational Team Concert Work Item Manipulation CSRF
Source: BID Type: UNKNOWN 55730
Source: CCN Type: BID-55730 IBM Rational Team Concert Cross Site Request Forgery Vulnerability
Source: XF Type: UNKNOWN rtc-services-csrf(74736)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: