{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-03-12T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2015-7446", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:27.359Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-7446", "datePublished": "2016-03-12T15:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:27.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "AEB7FCA5-3B8C-4719-8BDB-5F2D60F0587A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A7373F0A-1417-4840-B408-34F45728CD51", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:flashsystem_v9000_firmware:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "E6691B38-0A7B-463F-A1C8-9CA37FD3E0F5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:flashsystem_9846-ac2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8CC9EB5-07BE-4469-AAA5-CD45E757920F", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flashsystem_9846-ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6915102E-4450-4A3A-9B81-670B02E7BDEC", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flashsystem_9848-ac2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E677E8A2-A1A1-4FAC-8B3A-77882CB8C1DD", "vulnerable": false}, {"criteria": "cpe:2.3:h:ibm:flashsystem_9848-ae2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD5C253A-086B-4ADB-AFBF-74BFAA696AA2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en IBM Flash System V9000 7.4 en versiones anteriores a 7.4.1.4, 7.5 en versiones anteriores a 7.5.1.3 y 7.6 en versiones anteriores a 7.6.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios por peticiones que insertan secuencias XSS."}], "id": "CVE-2015-7446", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2016-03-12T15:59:00.150", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005570"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}

{}