exploitDog

CVE-2015-6493

Опубликовано: 28 окт. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00319

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-9gwg-ggxq-h528

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

EPSS

Процентиль: 55%

0.00319

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352