8.8

CVE-2018-13793

Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.

Data is provided by the National Vulnerability Database (NVD)
AbbyyFlexicapture Version12.0.1.263
AbbyyFlexicapture Version12.0.1.267
AbbyyFlexicapture Version12.0.1.282
AbbyyFlexicapture Version12.0.1.292
AbbyyFlexicapture Version12.0.1.367
AbbyyFlexicapture Version12.0.1.428
AbbyyFlexicapture Version12.0.1.475
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.17% 0.345
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.