7.1
CVE-2020-10771
- EPSS 0.45%
- Veröffentlicht 02.06.2021 12:15:07
- Zuletzt bearbeitet 21.11.2024 04:56:02
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Infinispan ≫ Infinispan-server-rest Version10.0.0
Netapp ≫ Oncommand Insight Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.353 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://bugzilla.redhat.com/show_bug.cgi?id=1846293
https://security.netapp.com/advisory/ntap-20210827-0003/