CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7465
https://notcve.org/view.php?id=CVE-2015-7465
10 Jan 2016 — Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en Lifecycle Query Engine (LQE) en IBM Jazz Reporting Service (JRS) 6.0 en versiones anteriores a 6.0.0-Rational-CLM-ifix005 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrar... • http://www-01.ibm.com/support/docview.wss?uid=swg21972484 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7466
https://notcve.org/view.php?id=CVE-2015-7466
10 Jan 2016 — Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. Lifecycle Query Engine (LQE) en IBM Jazz Reporting Service (JRS) 6.0 en versiones anteriores a 6.0.0-Rational-CLM-ifix005 permite a usuarios remotos autenticados llevar a cabo ataques de inyeción LDAP, y consecuentemente eludir las r... • http://www-01.ibm.com/support/docview.wss?uid=swg21972484 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •