5.7

CVE-2024-7698

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhoenixcontactFl Mguard 4305 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 4305 Version-
PhoenixcontactFl Mguard 4302 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 4302 Version-
PhoenixcontactFl Mguard 2105 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 2105 Version-
PhoenixcontactFl Mguard 2102 Firmware Version < 10.4.1
   PhoenixcontactFl Mguard 2102 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.274
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.