Lucene search

[email protected]CVE-2010-5283

HistoryNov 26, 2012 - 11:55 p.m.

CVE-2010-5283

2012-11-2623:55:01

CWE-352

[email protected]

web.nvd.nist.gov

cve-2010-5283

csrf

opentext ecm

livelink ecm

nvd

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.

Affected configurations

NVD

Node

opentextlivelink_ecmMatch9.7.1

CPENameOperatorVersion
opentext:livelink_ecmopentext livelink ecmeq9.7.1

CPE	Name	Operator	Version
opentext:livelink_ecm	opentext livelink ecm	eq	9.7.1

References

archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html

packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt

secunia.com/advisories/41553

www.osvdb.org/68255

exchange.xforce.ibmcloud.com/vulnerabilities/62057

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2010-5283

cvelist1 prion1 nvd1