2.6

CVE-2010-2151

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FujitsuE-pares Versionl01
FujitsuE-pares Versionl03
FujitsuE-pares Versionl10
FujitsuE-pares Versionl20
FujitsuE-pares Versionl30
FujitsuE-pares Versionl40
FujitsuE-pares Versionv01
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.82% 0.529
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://secunia.com/advisories/40029
Vendor Advisory
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html
Vendor Advisory
http://jvn.jp/en/jp/JVN82465391/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html
http://www.securityfocus.com/bid/40517