exploitDog

GHSA-9www-m7p9-p7jr

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

Ссылки

EPSS

Процентиль: 65%

0.00484

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-9346

CVSS3: 8.8

nvd

почти 6 лет назад

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

EPSS

Процентиль: 65%

0.00484

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352