Lucene search

[email protected]CVE-2009-2005

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-2005

2022-10-0316:24:07

CWE-352

[email protected]

web.nvd.nist.gov

security

csrf

vulnerability

dokeos

authentication

agenda items

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

JSON

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

Affected configurations

NVD

Node

dokeosdokeosMatch1.8.5

CPENameOperatorVersion
dokeos:dokeosdokeoseq1.8.5

CPE	Name	Operator	Version
dokeos:dokeos	dokeos	eq	1.8.5

References

holisticinfosec.org/content/view/112/45/

secunia.com/advisories/34879

www.dokeos.com/wiki/index.php/Security#Dokeos_1.8

www.securityfocus.com/bid/34928

www.vupen.com/english/advisories/2009/1300

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2009-2005

cvelist1 prion1 nvd1