exploitDog

CVE-2019-18376

Опубликовано: 10 апр. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:symantec:management_center:2.2:*:*:*:*:*:*:*

cpe:2.3:a:symantec:management_center:2.3:*:*:*:*:*:*:*

cpe:2.3:a:symantec:management_center:2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00228

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-vf35-57rw-pc4w

github

больше 3 лет назад

A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.

EPSS

Процентиль: 45%

0.00228

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352