CVE-2019-19987

Опубликовано: 26 фев. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on.

Ссылки

https://www.seling.it/
Product
https://www.seling.it/product/vam/
Product
Vendor Advisory
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html
Exploit
Third Party Advisory
https://www.seling.it/
Product
https://www.seling.it/product/vam/
Product
Vendor Advisory
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*

Версия от 4.15.0 (включая) до 4.29.0 (включая)

EPSS

Процентиль: 42%

0.00197

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-46v6-rwf6-m6p5

github

больше 3 лет назад