← Zuruck zu CVEs

CVE-2013-3935

HIGH

8.8

Beschreibung

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht1/2/2020

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

opsview:opsviewopsview:opsview_core

Schwachen (CWE)

CWE-352

Referenzen

http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822(PSIRT-CNA@flexerasoftware.com)

http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes(PSIRT-CNA@flexerasoftware.com)

http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822(af854a3a-2127-422b-91ae-364da2661108)

http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.