Lucene search
CertccCVE-2014-0336HistoryMar 06, 2014 - 11:55 a.m.
CVE-2014-0336
2014-03-0611:55:05
CWE-352
certcc
web.nvd.nist.gov
30
cve
2014
0336
csrf
vulnerability
serena
dimensions
cm
web client
hijack
authentication
administrators
adminconsole
uri
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
47.1%
Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI.
Affected configurations
Node
serenadimensions_cmMatch12.2build7.199.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| serena | dimensions_cm | 12.2 | cpe:2.3:a:serena:dimensions_cm:12.2:build7.199.0:*:*:*:*:*:* |
References
Related
nvd
nvd
CVE-2014-0336
2014-03-06 11:55:05
cvelist
cvelist
CVE-2014-0336
2014-03-06 11:00:00
prion
prion
Cross site request forgery (csrf)
2014-03-06 11:55:00
seebug
seebug
Serena Dimensions CM跨站请求伪造漏洞
2014-03-11 00:00:00
cert
cert
Serena Dimensions CM 12.2 Build 7.199.0 web client vulnerabilities
2014-03-05 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
47.1%
Related for CVE-2014-0336