IBM FlashSystem Model V9000 Cross-Site Request Forgery Vulnerabilities
21 Jun. 2016
Summary
Cross-site request forgery (CSRF) vulnerability in IBM FlashSystem V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Vulnerable Systems:
* IBM FlashSystem V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4
Immune Systems:
* IBM FlashSystem V9000 7.4 after 7.4.1.4, 7.5 after 7.5.1.3, and 7.6 after 7.6.0.4
IBM FlashSystem V9000 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
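For inventory triage against the version ranges listed above, the following is an added example and not part of the original advisory or any IBM tooling. It assumes each system reports a four-part code level string; the host names and the string format are constructed for illustration.

```python
import re

# Fixed code levels per release branch, from the advisory's "before X" wording:
# a level below the fixed one is vulnerable, the fixed level itself is not.
FIXED = {(7, 4): (7, 4, 1, 4), (7, 5): (7, 5, 1, 3), (7, 6): (7, 6, 0, 4)}

def parse_level(text):
    """Parse a four-part code level such as '7.5.1.10 (build 1)' into ints."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"not a four-part code level: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(text):
    """Return 'vulnerable', 'fixed' or 'not-listed' for one code level."""
    level = parse_level(text)
    fixed = FIXED.get(level[:2])
    if fixed is None:
        return "not-listed"  # branch outside 7.4/7.5/7.6: advisory is silent
    # Tuple comparison is numeric, so 7.5.1.10 sorts after 7.5.1.3.
    return "vulnerable" if level < fixed else "fixed"

def triage(inventory):
    """Group (host, code level) pairs by status; bad strings go to 'unparsed'."""
    report = {"vulnerable": [], "fixed": [], "not-listed": [], "unparsed": []}
    for host, text in inventory:
        try:
            report[classify(text)].append(host)
        except ValueError:
            report["unparsed"].append(host)
    return report

# Constructed inventory; host names and string format are assumptions.
SAMPLE = [
    ("v9000-a", "7.4.1.3"),
    ("v9000-b", "7.4.1.4"),
    ("v9000-c", "7.5.1.10 (build 1)"),
    ("v9000-d", "7.6.0.3"),
    ("v9000-e", "7.3.0.9"),
    ("v9000-f", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:11} {', '.join(hosts) or '-'}")
```

Systems reported as "not-listed" or "unparsed" need a manual check, since the advisory makes no statement about branches other than 7.4, 7.5 and 7.6.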