Описание
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:tejari:bravo_solution:-:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.0023
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens.
EPSS
Процентиль: 45%
0.0023
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-352