Описание
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 31 (включая)
cpe:2.3:a:teradici:cloud_access_connector:*:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.0012
Низкий
6.5 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
github
больше 3 лет назад
An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.
EPSS
Процентиль: 31%
0.0012
Низкий
6.5 Medium
CVSS3
2.6 Low
CVSS2
Дефекты
CWE-352
CWE-352