Lucene search

[email protected]CVE-2011-5068

HistoryJan 29, 2012 - 4:04 a.m.

CVE-2011-5068

2012-01-2904:04:44

CWE-352

[email protected]

web.nvd.nist.gov

csrf

sit!

3.65

authentication

vulnerability

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.9%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.

Affected configurations

NVD

Node

sitrackersupport_incident_trackerMatch3.65

CPENameOperatorVersion
sitracker:support_incident_trackersitracker support incident trackereq3.65

CPE	Name	Operator	Version
sitracker:support_incident_tracker	sitracker support incident tracker	eq	3.65

References

osvdb.org/show/osvdb/77657

secunia.com/advisories/45437

www.kb.cert.org/vuls/id/576355

www.securityfocus.com/bid/50896

exchange.xforce.ibmcloud.com/vulnerabilities/71653

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVE-2011-5068

prion1 nvd1 cvelist1