Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-38660

Опубликовано: 04 нояб. 2022
Источник: nvd
CVSS3: 8.3
CVSS3: 8.8
EPSS Низкий

Описание

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.  

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hcltech:domino:*:*:*:*:*:*:*:*
Версия до 9.0.1 (исключая)
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_3:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_4:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_10_interim_fix_5:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_1:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_2:*:*:*:*:*:*
cpe:2.3:a:hcltech:domino:9.0.1:feature_pack_8_interim_fix_3:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00187
Низкий

8.3 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352
CWE-352

Связанные уязвимости

github логотип

GHSA-pm8g-g665-8r7q

CVSS3: 8.8
github
больше 3 лет назад

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user.

EPSS

Процентиль: 40%
0.00187
Низкий

8.3 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352
CWE-352