CVE-2010-1325

EPSS 0.14%
Veröffentlicht 03.09.2010 20:00:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting.  NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Novell ≫ Suse Lifecycle Management Server Version1.0

Novell ≫ Suse Linux Version11 Update- Editionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.307

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://support.novell.com/security/cve/CVE-2010-1325.html

http://www.securityfocus.com/bid/42121

https://bugzilla.novell.com/show_bug.cgi?id=588284

https://exchange.xforce.ibmcloud.com/vulnerabilities/61006

https://nvd.nist.gov/vuln/detail/CVE-2010-1325

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1325

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1325

EUVD