Lucene search

[email protected]CVE-2015-4350

HistoryJun 15, 2015 - 2:59 p.m.

CVE-2015-4350

2015-06-1514:59:05

CWE-352

[email protected]

web.nvd.nist.gov

cve

2015

4350

csrf

vulnerabilities

drupal

spider catalog

remote attackers

authentication

administrators

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) products, (2) ratings, or (3) categories via unspecified vectors.

Affected configurations

NVD

Node

web-doradospider_catalogdrupal

CPENameOperatorVersion
web-dorado:spider_catalogweb-dorado spider catalogeq*

CPE	Name	Operator	Version
web-dorado:spider_catalog	web-dorado spider catalog	eq	*

References

www.openwall.com/lists/oss-security/2015/04/25/6

www.securityfocus.com/bid/72798

www.drupal.org/node/2437977

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for CVE-2015-4350

nvd1 prion1 cvelist1 drupal1