History: May 07, 2010 - 6:30 p.m.

CVE-2009-4849

2010-05-07 18:30:01
CWE-352
mitre
web.nvd.nist.gov
28
cve-2009-4849
csrf
security vulnerabilities
toutvirtual virtualiq pro
authentication hijacking
remote attacks

CVSS2: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AI Score: 7.4
Confidence: Low

EPSS: 0.007
Percentile: 79.7%

Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shut down a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity.

Affected configurations

Nvd
Node
toutvirtual virtualiq Match 3.2-pro
OR
toutvirtual virtualiq Match 3.5-pro

Vendor | Product | Version | CPE
toutvirtual | virtualiq | 3.2 | cpe:2.3:a:toutvirtual:virtualiq:3.2:-:pro:*:*:*:*:*
toutvirtual | virtualiq | 3.5 | cpe:2.3:a:toutvirtual:virtualiq:3.5:-:pro:*:*:*:*:*
