Multiple IBM products are prone to an unspecified cross-site request forgery vulnerability because it fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application.
The following products are vulnerable:
Disposal and Governance Management for IT 6.0 through 6.0.2 and 6.0.3 through 6.0.3.4
Global Retention Policy and Schedule Management 6.0 through 6.0.2 and 6.0.3 through 6.0.3.4
Information
IBM Global Retention Policy and Schedule Management 6.0.1 .6
IBM Global Retention Policy and Schedule Management 6.0.3.4
IBM Global Retention Policy and Schedule Management 6.0.3.3
IBM Global Retention Policy and Schedule Management 6.0.3
IBM Global Retention Policy and Schedule Management 6.0.1.5
IBM Global Retention Policy and Schedule Management 6.0.1.4
IBM Global Retention Policy and Schedule Management 6.0
IBM Disposal and Governance Management for IT 6.0.2
IBM Disposal and Governance Management for IT 6.0.1 .6
IBM Disposal and Governance Management for IT 6.0.3.4
IBM Disposal and Governance Management for IT 6.0.3.3
IBM Disposal and Governance Management for IT 6.0.3
IBM Disposal and Governance Management for IT 6.0.1.5
IBM Disposal and Governance Management for IT 6.0.1.4
IBM Disposal and Governance Management for IT 6.0
Exploit
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
References: