exploitDog

CVE-2015-3388

Опубликовано: 21 апр. 2015

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2015/02/13/12
http://www.securityfocus.com/bid/72615
https://www.drupal.org/node/2424435
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/02/13/12
http://www.securityfocus.com/bid/72615
https://www.drupal.org/node/2424435
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:balanced:commerce_balanced_payments:*:*:*:*:*:drupal:*:*

Версия до 7.x-1.2 (включая)

EPSS

Процентиль: 32%

0.00126

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-43r5-v8pm-grg9

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors.

EPSS

Процентиль: 32%

0.00126

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-352