Lucene search
HistoryMay 08, 2014 - 2:29 p.m.
CVE-2014-3115
cve-2014-3115
cross-site request forgery
fortinet fortiweb
authentication hijacking
web administration console
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.7%
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.
Affected configurations
Node
fortinetfortiwebRange≤5.1.4
ORfortinetfortiwebMatch5.1.0
ORfortinetfortiwebMatch5.1.1
ORfortinetfortiwebMatch5.1.2
ORfortinetfortiwebMatch5.1.3
Related
nessus
nessus
Fortinet FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
2014-05-20 00:00:00
openvas
openvas
Fortinet FortiWeb CSRF Vulnerability (FG-IR-14-013)
2015-02-11 00:00:00
nvd
nvd
CVE-2014-3115
2014-05-08 14:29:14
cert
cert
Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability
2014-05-07 00:00:00
fortinet
fortinet
FortiWeb Cross-Site Request Forgery Vulnerability
2014-05-02 00:00:00
zdt
zdt
Fortiweb 5.1.x Cross Site Request Forgery Vulnerability
2014-05-08 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-05-08 14:29:00
cvelist
cvelist
CVE-2014-3115
2014-05-08 14:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.7%
Related for CVE-2014-3115