7.1
CVE-2019-5318
- EPSS 0.39%
- Veröffentlicht 07.09.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 04:44:44
- Quelle security-alert@hpe.com
- CVE-Watchlists
- Unerledigt
A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba Operating System Software version(s): 6.x.x.x: all versions, 8.x.x.x: all versions prior to 8.8.0.0. Aruba has released patches for ArubaOS that address this security vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 6.1.3.7 <= 6.5.4.20
Arubanetworks ≫ Arubaos Version >= 8.0.0.0 < 8.8.0.0
Siemens ≫ Scalance W1750d Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.307 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdf
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt