Lucene search

[email protected]CVE-2014-2330

HistoryAug 31, 2015 - 6:59 p.m.

CVE-2014-2330

2015-08-3118:59:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-2330

csrf

multisite gui

check_mk

security vulnerability

nvd

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown vectors.

CPENameOperatorVersion
check_mk_project:check_mkcheck mk project check mkle1.2.3
check_mk_project:check_mkcheck mk project check mkle1.2.2

CPE	Name	Operator	Version
check_mk_project:check_mk	check mk project check mk	le	1.2.3
check_mk_project:check_mk	check mk project check mk	le	1.2.2

References

mathias-kettner.de/check_mk_werks.php?werk_id=0766

www.securityfocus.com/archive/1/531594

www.securityfocus.com/bid/66389

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2014-2330

prion3 ubuntucve3 seebug1 cve2 nessus8 fedora8 securityvulns2 openvas10