Multiple IBM Products CVE-2016-6100 Cross Site Request Forgery Vulnerability



Multiple IBM products are prone to an unspecified cross-site request forgery vulnerability because they fail to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application.

The following products are vulnerable:

Disposal and Governance Management for IT 6.0 through 6.0.2 and 6.0.3 through 6.0.3.4
Global Retention Policy and Schedule Management 6.0 through 6.0.2 and 6.0.3 through 6.0.3.4

Information

Bugtraq ID: 97326
Class: Design Error
CVE: CVE-2016-6100

Remote: Yes
Local: No
Published: Mar 30 2017 12:00AM
Credit: Kiran Shirali from eBay.
Vulnerable: IBM Global Retention Policy and Schedule Management 6.0.2
IBM Global Retention Policy and Schedule Management 6.0.1.6
IBM Global Retention Policy and Schedule Management 6.0.3.4
IBM Global Retention Policy and Schedule Management 6.0.3.3
IBM Global Retention Policy and Schedule Management 6.0.3
IBM Global Retention Policy and Schedule Management 6.0.1.5
IBM Global Retention Policy and Schedule Management 6.0.1.4
IBM Global Retention Policy and Schedule Management 6.0
IBM Disposal and Governance Management for IT 6.0.2
IBM Disposal and Governance Management for IT 6.0.1.6
IBM Disposal and Governance Management for IT 6.0.3.4
IBM Disposal and Governance Management for IT 6.0.3.3
IBM Disposal and Governance Management for IT 6.0.3
IBM Disposal and Governance Management for IT 6.0.1.5
IBM Disposal and Governance Management for IT 6.0.1.4
IBM Disposal and Governance Management for IT 6.0


Not Vulnerable:

Exploit


To exploit this issue, an attacker must entice an unsuspecting victim to open a malicious URI.

