CVE-2023-50349

Опубликовано: 09 фев. 2024

Источник: nvd

CVSS3: 5.9

CVSS3: 8.8

EPSS Низкий

Описание

Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*

Версия до 12.0.2 (исключая)

EPSS

Процентиль: 21%

0.00066

Низкий

5.9 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-qhj6-7r5w-cm2f

CVSS3: 5.9

github

почти 2 года назад

Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application.

EPSS

Процентиль: 21%

0.00066

Низкий

5.9 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352