Описание
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.2 (включая)Версия от 10.3 (включая) до 10.3.3.3 (исключая)
Одно из
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:comos:10.4:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00142
Низкий
8.8 High
CVSS3
5.1 Medium
CVSS2
Дефекты
CWE-352
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks.
EPSS
Процентиль: 35%
0.00142
Низкий
8.8 High
CVSS3
5.1 Medium
CVSS2
Дефекты
CWE-352
CWE-352
CWE-352