8.8
CVE-2020-26516
- EPSS 0.22%
- Published 08.06.2021 13:15:07
- Last modified 21.11.2024 05:19:58
- Source cve@mitre.org
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted, allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.
Data provided by the National Vulnerability Database (NVD)
Intland ≫ Codebeamer Version 10.0.0 Update -
Intland ≫ Codebeamer Version 10.0.0 Update prerelease4
Intland ≫ Codebeamer Version 10.0.0 Update rc1
Intland ≫ Codebeamer Version 10.0.0 Update sp1
Intland ≫ Codebeamer Version 10.0.0 Update sp2
Intland ≫ Codebeamer Version 10.0.1 Update sp1
Intland ≫ Codebeamer Version 10.1.0 Update -
Intland ≫ Codebeamer Version 10.1.0 Update sp1
Intland ≫ Codebeamer Version 10.1.0 Update sp2
Intland ≫ Codebeamer Version 10.1.0 Update sp3
Intland ≫ Codebeamer Version 10.1.0 Update sp4
Intland ≫ Codebeamer Version 21.04
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.446 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.