Lucene search

JpcertCVE-2011-3994

HistoryNov 03, 2011 - 5:55 p.m.

CVE-2011-3994

2011-11-0317:55:01

CWE-352

jpcert

web.nvd.nist.gov

cve-2011-3994

csrf vulnerability

skyarc mtcms

multifileuploader

duplicateentry

mailpack

autotagging

movable type

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

52.8%

JSON

Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data.

Affected configurations

Nvd

Node

skyarcautotaggingRange≤0.08

skyarcduplicateentryRange≤1.2

skyarcmailpackRange≤1.741

skyarcmtcmsRange≤5.251

skyarcmtcmsMatch5.2

skyarcmtcmsMatch5.21

skyarcmtcmsMatch5.22

skyarcmtcmsMatch5.23

skyarcmtcmsMatch5.24

skyarcmtcmsMatch5.24enterprise

skyarcmtcmsMatch5.24smart

skyarcmtcmsMatch5.25

skyarcmtcmsMatch5.25enterprise

skyarcmtcmsMatch5.25smart

skyarcmtcmsMatch5.251enterprise

skyarcmtcmsMatch5.251smart

skyarcmultifileuploaderRange≤0.44

VendorProductVersionCPE
skyarcautotagging*cpe:2.3:a:skyarc:autotagging:*:*:*:*:*:*:*:*
skyarcduplicateentry*cpe:2.3:a:skyarc:duplicateentry:*:*:*:*:*:*:*:*
skyarcmailpack*cpe:2.3:a:skyarc:mailpack:*:*:*:*:*:*:*:*
skyarcmtcms*cpe:2.3:a:skyarc:mtcms:*:*:*:*:*:*:*:*
skyarcmtcms5.2cpe:2.3:a:skyarc:mtcms:5.2:*:*:*:*:*:*:*
skyarcmtcms5.21cpe:2.3:a:skyarc:mtcms:5.21:*:*:*:*:*:*:*
skyarcmtcms5.22cpe:2.3:a:skyarc:mtcms:5.22:*:*:*:*:*:*:*
skyarcmtcms5.23cpe:2.3:a:skyarc:mtcms:5.23:*:*:*:*:*:*:*
skyarcmtcms5.24cpe:2.3:a:skyarc:mtcms:5.24:*:*:*:*:*:*:*
skyarcmtcms5.24cpe:2.3:a:skyarc:mtcms:5.24:*:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
skyarc	autotagging	*	cpe:2.3:a:skyarc:autotagging::::::::
skyarc	duplicateentry	*	cpe:2.3:a:skyarc:duplicateentry::::::::
skyarc	mailpack	*	cpe:2.3:a:skyarc:mailpack::::::::
skyarc	mtcms	*	cpe:2.3:a:skyarc:mtcms::::::::
skyarc	mtcms	5.2	cpe:2.3:a:skyarc:mtcms:5.2:::::::*
skyarc	mtcms	5.21	cpe:2.3:a:skyarc:mtcms:5.21:::::::*
skyarc	mtcms	5.22	cpe:2.3:a:skyarc:mtcms:5.22:::::::*
skyarc	mtcms	5.23	cpe:2.3:a:skyarc:mtcms:5.23:::::::*
skyarc	mtcms	5.24	cpe:2.3:a:skyarc:mtcms:5.24:::::::*
skyarc	mtcms	5.24	cpe:2.3:a:skyarc:mtcms:5.24::enterprise:::::

Rows per page:

1-10 of 171

References

jvn.jp/en/jp/JVN56667137/index.html

jvndb.jvn.jp/jvndb/JVNDB-2011-000094

www.mtcms.jp/news/product/201110131921.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

52.8%

JSON

Related for CVE-2011-3994