exploitDog

CVE-2014-1615

Опубликовано: 22 апр. 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user.

Ссылки

http://secunia.com/advisories/57645
Vendor Advisory
http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf
Exploit
http://secunia.com/advisories/57645
Vendor Advisory
http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:carbonblack:carbon_black:*:beta2:*:*:*:*:*:*

Версия до 4.1.0 (включая)

cpe:2.3:a:carbonblack:carbon_black:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:carbonblack:carbon_black:4.1.0:beta1:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00121

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-gvp5-pp62-q4gv

github

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user.

EPSS

Процентиль: 31%

0.00121

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352