[原文]IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
IBM Jazz for Service Management is prone to a cross-site request forgery vulnerability because it fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
IBM Jazz for Service Management 1.1.3 is vulnerable; other versions may also be affected.
-
漏洞利用
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
-
解决方案
Updates are available. Please see the references or vendor advisory for more information.