History: May 07, 2010 - 6:30 p.m.

CVE-2009-4849

2010-05-07 18:30:01
CWE-352
web.nvd.nist.gov
cve-2009-4849
csrf
security vulnerabilities
toutvirtual virtualiq pro
authentication hijacking
remote attacks

AI Score: 7.4 High (Confidence: Low)

CVSS2: 6.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.005 Low (Percentile: 77.0%)

Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shut down a virtual machine, (3) start a virtual machine, (4) restart a virtual machine, or (5) schedule an activity.

Affected configurations

NVD
Node
toutvirtual virtualiq Match 3.2-pro
OR
toutvirtual virtualiq Match 3.5-pro
