7.2
CVE-2016-1607
- EPSS 3.39%
- Veröffentlicht 01.08.2016 02:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@opentext.com
- CVE-Watchlists
- Unerledigt
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.39% | 0.872 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://seclists.org/bugtraq/2016/Jul/119
http://www.securityfocus.com/bid/92113
https://download.novell.com/Download?buildid=3V-3ArYN85I~
https://www.exploit-db.com/exploits/40161/
https://www.novell.com/support/kb/doc.php?id=7017786