6.8

CVE-2015-0541

Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RsaWeb Threat Detection Version <= 5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.567
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://seclists.org/bugtraq/2015/Jun/18
Third Party Advisory
Mailing List
http://www.securitytracker.com/id/1032477
Third Party Advisory
Broken Link
VDB Entry