CVE-2021-27758

Опубликовано: 06 мая 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006
Mitigation
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098006
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:bigfix_inventory:*:*:*:*:*:*:*:*

Версия от 9.0 (включая) до 10.0.7.0 (исключая)

EPSS

Процентиль: 24%

0.00084

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-95fm-qgf3-w8cm

CVSS3: 6.5

github

почти 4 года назад

There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account.

EPSS

Процентиль: 24%

0.00084

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352