CVE-2018-6563

Опубликовано: 20 июн. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.

Ссылки

http://packetstormsecurity.com/files/147648/Totemomail-Encryption-Gateway-6.0.0_Build_371-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/542015/100/0/threaded
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-003_totemo_csrf.txt
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/44631/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/147648/Totemomail-Encryption-Gateway-6.0.0_Build_371-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/542015/100/0/threaded
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-003_totemo_csrf.txt
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/44631/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:totemo:encryption_gateway:*:*:*:*:*:*:*:*

Версия до 6.0.0 (включая)

EPSS

Процентиль: 39%

0.00176

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-pwp9-wc2j-35m6