CVE-2019-7281

Опубликовано: 01 июл. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.

Ссылки

https://applied-risk.com/labs/advisories
Not Applicable
Third Party Advisory
https://www.applied-risk.com/resources/ar-2019-007
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Third Party Advisory
US Government Resource
https://applied-risk.com/labs/advisories
Not Applicable
Third Party Advisory
https://www.applied-risk.com/resources/ar-2019-007
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:primasystems:flexair:*:*:*:*:*:*:*:*

Версия до 2.3.38 (включая)

EPSS

Процентиль: 51%

0.0028

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-cm5m-hw4q-mmhx