4.3
CVE-2015-2852
- EPSS 0.7%
- Veröffentlicht 30.05.2015 19:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginCross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack the authentication of administrators.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Blue Coat ≫ Ssl Visibility Appliance Sv2800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv1800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv3800 Firmware Version <= 3.8.3
Blue Coat ≫ Ssl Visibility Appliance Sv800 Firmware Version <= 3.8.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.483 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://www.kb.cert.org/vuls/id/498348
http://www.securityfocus.com/bid/74921
https://bto.bluecoat.com/security-advisory/sa96