← Back to CVEs

CVE-2013-3935

HIGH

8.8

Description

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published1/2/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

opsview:opsviewopsview:opsview_core

Weaknesses (CWE)

CWE-352

References

http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822(PSIRT-CNA@flexerasoftware.com)

http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes(PSIRT-CNA@flexerasoftware.com)

http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822(af854a3a-2127-422b-91ae-364da2661108)

http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.