Lucene search

[email protected]CVE-2013-3583

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3583

2022-10-0316:14:45

CWE-352

[email protected]

web.nvd.nist.gov

cve-2013-3583

csrf

saveproperties.html

corporater epm suite

remote attackers

authentication

hijack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.1%

JSON

Cross-site request forgery (CSRF) vulnerability in saveProperties.html in Corporater EPM Suite allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.

Affected configurations

NVD

Node

corporaterepm_suiteMatch-

CPENameOperatorVersion
corporater:epm_suitecorporater epm suiteeq-

CPE	Name	Operator	Version
corporater:epm_suite	corporater epm suite	eq	-

References

www.kb.cert.org/vuls/id/595142

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for CVE-2013-3583

prion1 cvelist1 nvd1 cert1